View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 2, 2019

2019’s First Data Breach: It Took Less than 24 Hours

30,000 state government's details phished....

By CBR Staff Writer

The first data breach of 2019 was reported less than 24 hours into the New Year.

The details of an estimated 30,000 Australian civil servants were stolen when a directory was downloaded by an unauthorised third party – believed to have phished the email address of a government employee in the state of Victoria.

The Victoria Premier’s Department said it had referred the breach to police, the Australian Cyber Security Centre and the Office of the Victorian Information Commissioner, Australia’s ABC network reported.

2019’s First Data Breach

The data set held details including work emails, phone numbers and job titles. Staff were told no banking or financial information was held in the directory.

“The Government will ensure any learnings from the investigation are put in place to better protect against breaches like this in the future,” the department said.

The incident comes two days after Australia’s national radio station operator Nova Entertainment also warned that a “legacy dataset” of information collected from listeners has been breached and “publicly disclosed”.

CEO Cathy O’Connor said in a statement that the data was collected between May 2009 and October 2011 and included personal information including name, gender and date of birth, contact information and user account details.

Content from our partners
Why all businesses must democratise data analytics
How start-ups can take the next step towards scaling up
Unlocking the value of artificial intelligence and machine learning

Read this: Morrisons Loses Data Breach Appeal: A “Serious Warning” for Business Leaders

The incident follows a year in which large scale breaches became the norm.

These include Facebook (up to two billion accounts scraped), the Marriott Hotel chain (over 500 million guests’ details), and Under Armour (150 million users’ details) to name just three. The equivalent to 291 records were stolen or exposed every single second in the first half of 2018, security company Gemalto’s Breach Level Index shows.  

The website, which tracks compromised email accounts, now recognises 5.6 billion accounts as “pwned”. 

(The website’s “pwned passwords” section meanwhile hosts 517,238,891 real world passwords previously exposed in data breaches.)

UK enterprises unsure how robust their databases are would be wise to start 2019 with a security audit: a late October ruling by the High Court means businesses have a greater duty of care than ever to protect employee’s data. The ruling held supermarket Morrisons  “vicariously liable” for a former employee leaking personal information of some 100,000 members of staff. The supermarket lost its appeal on October 23 in what was the UK’s first data protection class action, made by 5,518 claimants.

See also: GDPR Encryption Clause: Is This the “Get Out of Jail Free” Card for a Data Breach?

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy