Top hacks, data breaches, and cyber threats in APAC

A cyberattack on a third-party provider compromised the New Zealand government.

A cyber attack compromised the data and systems of an IT-managed services provider in December 2022. This service provider supports many organizations throughout New Zealand, including some within the government.

The cyber-security incident affected some providers contracted with Te Whatu Ora, Health New Zealand. However, service delivery to health patients was not affected.

The Ministry of Justice confirmed that it was also affected and that the cyberattack had impacted access to specific coronial data. The affected data allegedly included thousands of autopsy reports.

The National Cyber Security Centre of New Zealand (NCSC), part of the Government Communications Security Bureau, announced that it was coordinating the government response to the cyberattack with the New Zealand Police and CERT NZ.

Lisa Fong said the NCSC is working closely with the compromised third party to “understand the nature of data that was impacted” and how the cyberattack occurred.

Medibank data breach affects 9.7 million people.

Medibank, an Australian health insurance provider, suffered a data breach on October 13, 2022. The incident affected 9.7 million people.

The hacker responsible for the breach tried to extort Medibank by contacting the company directly to negotiate over the release of the data. Medibank declined, and the hacker released private medical data obtained during the breach on the dark web.

On November 10, 2022, the hacker uploaded a file labeled “abortions” to a website backed by the Russian ransomware group REvil. The file contained information about procedures that policyholders had claimed for, such as miscarriages, terminations, and ectopic pregnancies.

On November 9, 2022, they had also released files with customer data titled “good-list,” “naughty list,” or “bad-list.” The “naughty list” includes information on people who sought treatment for HIV, drug addiction, alcohol abuse, or mental health issues such as eating disorders.

The hacker added to the data leak post of November 10, saying, “Society asks us about ransom. It’s a ten millions (sic). We can discount 9,7m $1=1 customer.”

Clare O’Neil, the Australian minister for home affairs, hit back at the hackers during question time on November 10. She said: “I’d like the scumbags who are behind this attack to be aware that the most intelligent and toughest people from this country will [come] at you.”

“I would like to express my regret to women who have had their private health information compromised overnight. As the Minister for Cyber-security, but most importantly as a female, I feel that this shouldn’t have happened. And, I understand this is a difficult time.”

David Koczkar (CEO of Medibank) called the release “disgraceful” and “a weaponization of private information.” He called the perpetrators of the cyberattack and data leak “deplorable.”

Medibank has issued a warning to the public, the media, and those affected by the cybersecurity incident and subsequent data breach. The company wants to prevent the spread of sensitive data and urges people not to contact customers directly.

Toyota admits data breach after key posted on GitHub.

The Japanese automaker Toyota released an apology and a statement on October 7, 2022, after discovering that third parties could have gained unauthorized access to customer information from December 2017 until September 2022.

A section of source code for T-Connect (an app that allows users to connect their phones to their cars) was posted in December 2017 on the source code repository GitHub. The source code included an access key to the server, which could have allowed unauthorized access for up to five years.

Customers who downloaded the app between December 2017 and September 2022 could have had their data accessed. This means the data of up to 296,019 customers was potentially leaked. The information available included email addresses and Customer Management Numbers. Information such as payment card numbers, names, and addresses was not accessible.

Toyota stated that, after a security review, it could neither confirm nor deny third-party access based on the access records of the server that stores the email addresses and Customer Management Numbers.

Toyota said it will also notify each person affected by the incident.

MyDeal data breach affects 2.2 million people.

MyDeal, an Australian online retail platform, confirmed in October 2022 it had been the victim of a data breach that exposed the information of approximately 2.2 million customers.

The retailer, a subsidiary of supermarket chain Woolworths, said it would contact all those affected via email and alert “relevant regulatory agencies and government agencies.”

Woolworths stated that the breach occurred because a malicious actor used “a compromised credential” to gain unauthorized access to MyDeal’s customer relationship management (CRM) system.

During the cyberattack, customer information was exposed. This included names, dates of birth, phone numbers, and email addresses. For 1.2 million customers, the exposed data was their email address. MyDeal does not store confidential information such as passport, payment card, or driver’s license numbers. Therefore, this data was not compromised.

GPS tracker vulnerabilities could endanger 1.5 million vehicles.

In August 2022, it was revealed that a GPS tracker made by the Chinese company MiCODUS had numerous cybersecurity flaws. These could have allowed bad actors to hack into a vehicle’s system.

The MiCODUS MV720 tracking device was sold in 169 countries, and more than 1.5 million devices were installed.

BitSight, a cybersecurity start-up, was the first to discover these critical security problems. After the discovery, BitSight notified the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) about the vulnerabilities.

CISA confirmed that “successful exploitation could allow an attacker to control any MV720 GPS Tracker, granting them access to location and routes, fuel-cutoff commands, and the disarming of various features (e.g. alarms).”

BitSight’s report on the vulnerabilities stated that MiCODUS devices were being used by many organizations, including “a Fortune 50 company, national military in South America and national governments and law enforcement agencies in Western Europe.”

The company also revealed that MiCODUS had a customer base of over 420,000 worldwide and that 1.5 million devices had been sold. BitSight was unable, however, to determine how many MiCODUS units are currently being used globally.

Telstra employees’ information exposed online after data breach.

Telstra, an Australian telecommunications firm, revealed on Tuesday that it was hit by a data breach that exposed the personal details of 30,000 current and former employees.

The details, including employees’ first and last names and email addresses, were posted on the hacking forum BreachedForums.

Telstra confirmed in a tweet that the leak was “not a breach on any Telstra systems,” and that it had first notified its employees and authorities, and then former employees, despite “minimal risks” for them.
