
Australian State Government Faces Nearly 200,000 Customer Records Stolen in a Phishing Attack


The Australian government has built a reputation as being one of the biggest proponents of cybersecurity. They have successfully defended their government and businesses from cyber attacks in the past. However, a recent series of successful cyber attacks has embarrassed the Australian government, forcing them to take steps to reevaluate their security services.

Several Security Breaches Throughout the Australian Government

Service NSW, which represents the digital service branch of the New South Wales government, was surprised when, in the latter part of April, successful phishing attacks allowed hackers to get access to the email accounts of more than 45 staff members.
The data collected as a result of the attack was limited to email records. This breach happened just a few days after the government needed to shut down its COVID-19 Australian Taxation Office program that was designed to give individuals early access to superannuation funds. This shutdown happened after it was revealed that a third-party agency associated with the program had facilitated fraud.
Some cybersecurity experts state that this could have been easily prevented with multi-factor authentication.

186,000 Customer Records Stolen From Australia’s State Government

The theft of data related to over 186,000 individuals took place in April 2020. The amount of information totaled over 738 GB of data. More than 3.8 million documents were gathered.
These documents included a wide variety of information, like forms, records of transactions, scans, and applications. More than half a million documents had information that could personally identify the victims.
This personally identifiable information included things like firearms registrations, driver’s licenses, birth certificates, medical records, and credit card details. What is of special interest is that much of the data is thought to have involved transactions that took place over the phone or over the counter at Service NSW centers.
This email attack only targeted the accounts of the 47 staff members whose accounts were compromised. It is thought that the attack first came to light because a staffer tried to click a link in an email that looked suspicious.
All of this points to a phishing campaign of some sort. It was more than likely a spear phishing campaign designed to target specific employees who work within the Service NSW agency.

Police Involvement in the Investigation

Police immediately began investigating these cybersecurity attacks and looking at the agency with the goal of identifying the individuals who had been affected by the attack. If necessary, individuals who had been affected by the attack were given a case manager.
This isn’t the only time that Service NSW has been the victim of a cybersecurity attack that resulted in data being leaked. On September 1, more than 54,000 NSW driver’s license images were leaked. This was because of an unsecured Amazon Web Services server. While that breach is not specifically blamed on the Australian government but on a third-party business, the effects that it has had on Australian residents are the same. Their private information has been exposed to the world.
While it is unfortunate that the Service NSW was the victim of a phishing attack, this shouldn’t be a surprise. Especially in light of COVID-19, there has been a surge of bad actors using targeted phishing attacks to gain access to private data in major companies around the world and in government institutions.
They are taking advantage of the fact that many organizations and governments now have their employees working from home. The change from working in a secured office environment to working from home happened so quickly that there was not enough time to put adequate network security measures in place.
Even businesses and governments that already had some security measures in place may not have been able to adapt them or expand their infrastructure to the point where they could provide sufficient security for remote workers.
Many remote workers aren’t educated on how to secure their devices properly while working from home, and that puts a company at risk of their valuable data being stolen. While there are common security practices like using strong passwords, investing in antivirus software, or using a VPN service, many remote workers fall into the trap of using free services, or the ones that are too cheap to offer a good amount of protection. 
Will Ellis of Privacy Australia tested over 20 VPN solutions, focusing on a few important criteria such as jurisdiction, logging policy, and speed. His 2020 report shows that not all VPN services offer the same quality for the price, and most remote workers who weren’t properly educated on cybersecurity solutions aren’t able to pick the best one by themselves. But one thing is for sure – never use free VPN solutions, because they probably collect and sell your data to advertisers on the Dark Web.

Training Employees to Take Cybersecurity Seriously

In every organization, it is the employee who is the best defense or possibly the weakest link when it comes to cyber attacks. This is especially true when it comes to phishing attacks.
Successful phishing attacks are carried out by sending an individual an email that might contain information that seems legitimate. The email may appear to come from management or a respected person in a business or government organization.
If employees are not trained to scrutinize emails before they open them and carefully review emails before opening attachments, they could find themselves inadvertently becoming a pathway that allows cyber criminals access to personal data.
There are some simple things that employees can do to keep their devices and their organization’s network safe. One simple thing is to use quality passwords to protect their devices, their accounts, and other sensitive information.
A quality password is going to be at least eight characters long, preferably 12 characters or more. It’s going to include alphanumeric symbols, upper and lowercase letters, and special symbols.
Having a strong password is just one part of what is needed. This is why organizations need to invest in employee training. Cyber criminals are constantly coming up with new schemes and developing new tactics to get the information or the data they want. This means that employees must be constantly brought up to speed with the latest approach criminals are trying.
Employers must commit to a variety of approaches to keeping their team up-to-date with what is out there and how to respond to these threats. It means that employees need to change their mindset. Instead of seeing an individual who opens a wrong attachment or who falls for a fake email as the point of failure, they need to understand that it is the security training of the organization that needs to be improved with the goal of keeping everyone safe.
It is dangerous for organizations to think that past success in cybersecurity is an indication of future success. Organizations should keep their team up-to-date with cybersecurity news. This helps the team think about cybersecurity attacks daily and recognize their role in keeping their organization or the government institutions that they work for safe.



    Your Comments

    Total 1 comment
    • deano

      In God We TRU$T ?

      …..Because of the HEADjob of Christinsanity in Austria-alis of Holey Rome……was let out of JAIL-GAOL……(Jesus-Gesu).

      …..All of Aussie has LOST TRUST…and FAITH ……in RCC~ Rape Children Cult…….Cardinal Sin of pHell?..(we must presume Innocent?)

      While u virgins are run by Lawcourts aligned to FASCIST Axe> Rome.

      Us underworld plebs, are run by the UNICORN Law courts….of Scotus 33 degree ….JACOBITES.

      ……iacobus, code for king iames and his KJV……..iacobus> yaakob…jacob….now ISRAEL?…. :razz: ….

      …….Who was Julius Ceaser and Jupiter marys?…when before 1600s..they were iulius and iupiter?….iupiter really iovis…BY JOVE !! :twisted:
