2023 saw Australia experience a series of cybersecurity challenges, including one of the largest data breaches in the country’s history, which affected no less than 10 million people. These events signalled a significant increase in cybersecurity breaches, surpassing previous records and forcing businesses and government leaders to establish swift and comprehensive response plans. Read on to learn about the most significant cyber breaches this year, and how businesses responded.

The Victorian Court System

In January 2024, Victoria’s court system was the target of a ransomware attack. Hackers accessed an area of the court system’s audio-visual archive, which is thought to contain recordings of hearings from highly sensitive cases. According to Court Services Victoria, the hack could possibly include Supreme Court recordings from the Court of Appeal, the Criminal Division, the Practice Court, and two regional hearings in November 2023. County Court cases, as well as criminal and civil hearings recorded between November 1 and December 21 2023, were also said to be among the illegally accessed data.

The attack became apparent when staff were locked out of their computers and messages reading ‘YOU HAVE BEEN PWND’ appeared on their screens. The organisation has taken all appropriate action, with Court Services Victoria notifying those whose court appearances have been accessed by hackers, as well as setting up a contact centre for people who believe they may have been affected. To date, court operations have not been affected, with hearings proceeding as usual.

Hal Leonard

Hal Leonard Australia fell victim to their largest cyberattack to date in January this year. A subsidiary of the world’s largest music print publisher, Hal Leonard, was attacked by hacker group Qilin, who made the breach public through a post on their dark web portal. The post announced that the group had infiltrated and stolen 40 Gigabytes of sensitive data, which included private contracts, agreements, financial documentation, projects, and extensive email correspondence. The group then released 37.6 Gigs of that information onto the internet. In ongoing efforts, Hal Leonard has partnered with a cybersecurity team and aims to rectify and repair all damage caused as soon as possible.

Dan Murphy’s, Event Cinemas and Guzman Y Gomez

A number of large businesses were targeted by cybercriminals in a focused attack, that included fraudulent access to over 15,000 online customer accounts. Hackers allegedly used this data to rack up thousands in online purchases through accounts, using saved credit card details, gift cards and store credit.

All businesses involved immediately responded to the event, prioritising the safety of their customers. “A small number of user accounts were subject to fraudulent transactions,” a spokesman from Dan Murphy’s said. “Our team took immediate action and has been working with affected customers.”

The Australian Labor Party

A cyber attack on law firm HWL Ebsworth, resulted in the Australian Labor Party experiencing Australia’s largest-ever government data breach. Millions of files were stolen from the country’s largest commercial law firm, impacting key intelligence, defence, and economic departments.

Officials disclosed that 62 government departments, including Australia Post, the Departments of Prime Minister and Cabinet, Treasury, Foreign Affairs and Trade, Home Affairs, and the Tax Office, were affected. NSW Labor stated that it is treating the attack with utmost seriousness. “We have referred the matter to police, and we are conducting a full investigation,” a spokesman said.

The Iconic

Online retailer The Iconic confirmed it had experienced a cyber attack known as ‘credential stuffing’ where hackers use lists of compromised user credentials, such as email and password combinations exposed in separate data breaches, to breach other systems. In the attack, customers experienced fraudulent transactions against their accounts, with some accounts racking up thousands of dollars. “The security of our customer data is of the utmost importance to us, and we continue to work with our third-party security partners to protect against all fraudulent activity”, the retailer said.

YAKULT

Yakult Australia has been hit by a ransomware attack, which saw hackers attempting to extort money from the probiotic company. The incident included the theft of company records and sensitive employee documents, including passports. DragonForce, the group that claimed responsibility for the breach, leaked 95 gigabytes of data onto the dark web, including records dating back to 2001.

A statement on the company’s website said it was working with cyber incident experts to investigate the extent of the incident. “We are doing everything we can to resolve the issue. All our offices in Australia and New Zealand remain open and continue to operate,” the release stated.

Eagers Automotive

Australia’s largest automotive dealership group, Eagers Automotive, has experienced a massive cyber attack, compromising its IT systems across Australia and New Zealand and restricting its ability to trade within certain parts of its business. The company, which has about 10 per cent of Australia’s new vehicle market, sells popular brands including Toyota, Ford, Volkswagen, Honda, BMW and Subaru. The hack targeted the business’ ability to finalise transactions for certain new vehicles that have been sold and are ready for delivery as well as interfering with certain aspects of the company’s service and parts operations.

An Eagers statement outlined that an investigation of the company’s IT systems had commenced to assess the extent of the hack, with particular emphasis on safeguarding customer and employee information. “The company is investigating rapidly. As part of our cyber security protocols, external incident response experts have been appointed to support the ongoing investigation and response”, a spokesperson said.

Keeping your business safeguarded

Given the frequency of data breaches and cyber attacks, it is imperative that businesses and their staff follow safe online practices and establish robust prevention, detection, and response mechanisms to cyber threats.

If you’re looking for an expert IT partner who can help you safeguard your assets, preserve your reputation, and sustain daily operations, contact Evologic today. We specialise in identifying specific cybersecurity risks and offering comprehensive solutions tailored to your business. We also conduct routine audits, scans, and security evaluations to maintain your cyber resilience against online attacks. Get in touch with a member of our team today.

Cyber Security for Employees

FREE: CYBER SECURITY TRAINING GUIDE FOR EMPLOYEES

Ensure your business is protected from the front line

Get my free guide