Over the past 2 weeks, Optus and LandMark White have been in the spotlight for data breaches. Whilst both organisations are reaching out to affected customers and consulting with cybersecurity experts, we wanted to keep you in the loop. Here’s what we know so far: 

LandMark White 

Large property evaluation firm 

Exploit: Database leak 

Customers Impacted: Up to 10,000 

Risk to Small Business: 2 = Severe 

Valuations completed by the firm have been found exposed across the Internet, along with the personal information of homeowners, residents, and property agents.

Individual Risk: 2.571 = Moderate 

Everything from property valuations and details, to personal contact numbers and residential addresses could have been accessed. No bank information was compromised in the breach, but the disclosure of property data can have serious ramifications when placed in the wrong hands.  

Update: Since the incident, the Commonwealth Bank of Australia (CBA) and ANZ Bank have suspended LandMark White from their panels of valuers, and an investigation has begun. LandMark White’s CEO, Chris Coonan, has advised that there is currently no evidence of misuse of any information.

 

What can you do: 

If your company has been affected by LandMark White’s data breach, we recommend implementing advanced search techniques that can comb the Internet and Dark Web for exposed user data as a precaution. 

Read more: https://www.smh.com.au/business/companies/home-loan-details-in-major-data-breach-20190212-p50xas.html 

 

Optus 

Telecommunications company that is looking to be first-in-market with a 5G home broadband service. 

Exploit: Website glitch and phishing

Details: Optus disabled its website after receiving customer complaints of a system glitch that let them see other customers’ information. Some also reported that they had received phishing emails posing as Optus.

This news comes shortly after Optus paid multiple fines and refunds for misleading customers and failing to develop proper identity verification safeguards.

Customers Impacted: To be determined 

Risk to Small Business: 2.111 = Severe 

Employees opening phishing emails could lead to your own data breach and cyberattacks. Also, if an employee’s password has been compromised and they use the same password to access business applications, your data could be at risk.

Individual Risk: 2.857 = Moderate 

Your password could be compromised.  

After being able to view the names, account numbers, services, and numbers of other users, customers were concerned that the website had been hacked and their login data accessed.  

Update: Optus has decided to reopen its website and has contacted customers who might have been impacted by the system glitch.

What can you do: 

As the proverb states, forewarned is forearmed. We recommend the following: 

  • Enforce a password update for all users 
  • Turn on multi-factor authentication for your business applications 
  • Conduct cybersecurity training for all employees 
  • Run phishing email experiments to ensure your training has been effective  
  • Have a Dark Web scan conducted to determine if any of your employees’ credentials have been exposed 

Things to remember: 

Companies that attempt to conceal a data breach can end up in the news cycle longer than normal and should instead work quickly to detect and mitigate the compromise. Without advanced detection, businesses run the risk of losing customer trust and facing additional consequences, making the benefits vs. costs assessment very clear. 

Read more: https://www.zdnet.com/article/optus-disables-my-account-site-after-users-complain-of-privacy-breach/  

Risk Levels: 

1 – 1.5 = Extreme Risk 

1.51 – 2.49 = Severe Risk 

2.5 – 3 = Moderate Risk 

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach. 

ONGC Systems to the Rescue 

Minimise the risk of your own data breach or cyberattack: 

Speak to a member of our team if you’d like to learn more about some of the solutions available and how you can ensure your company is protected.