Australia Faces a Series of Major Data Breaches

2024, Jun 27

Australia has seen a significant increase in data breaches in 2024, often involving sensitive information such as passwords and financial details. Major companies affected include MediSecure, Ticketmaster, Shell, Telstra and Optus, leaving many individuals at risk of identity theft.

Learn how to check if your data has been breached, what steps to take if data has been breached, and key lessons from these breaches to improve your cybersecurity.
2024 data breach incidents in Australia

1. Optus (September 2022)
Optus, one of Australia's largest telecommunications companies, has experienced a major data breach, affecting 10 million current and former customers, nearly a third of the country's population. . Stolen information included names, dates of birth, home addresses, phone numbers, email addresses, passports and driver's license numbers.
There are differing opinions on how the breach occurred. Optus described it as a sophisticated cyber attack, while an Optus insider and the Australian Government suggested human error caused a vulnerability in the company's API (Application Programming Interface, for allows different software applications to communicate with each other). Multiple class action lawsuits have been filed against Optus, seeking compensation for any losses or damages resulting from privacy breaches.
2.Telstra (April 2024)
Telstra, a major Australian telecommunications provider, has reported a data breach affecting customer information. Sensitive data such as names, email addresses, and phone numbers were compromised.
The breach was part of a larger data set posted on a hacking forum, which claimed to contain data from 47,000 customers, although most of this is believed to be fake data. Although the breach did not involve a cyberattack, the exposure of personal information can pose risks such as identity theft and targeted fraud.
3. Shell (May 2024)
In May 2024, Shell experienced a major data breach, exposing sensitive information from 80,000 records. The breach carried out by hacker group “888” affected many countries, including Australia, UK, France, India, Singapore, Philippines, Netherlands, Malaysia and Canada. The stolen data included personal and contact information, putting those affected at risk of identity theft and targeted fraud.
Previously, in 2023, Shell also experienced a credential stuffing attack targeting employee credentials. The ransomware group exploited a vulnerability in the MOVEit file transfer platform, leading to a data breach affecting the personal information of employees, including those in Australia.
4.Ticketmaster (May 2024)
A hacker group called ShinyHunters claims to have stolen the personal information of 560 million Ticketmaster customers worldwide, including Australians. They said the stolen data included names, addresses, phone numbers and even partial credit card information. This group is demanding a $500,000 ransom to avoid selling this information to other parties (aka criminals).
While Ticketmaster has not yet confirmed the breach, the Australian government is working with the company to resolve the issue. This is especially worrying because Ticketmaster has a history of data breaches. According to Wired, ShinyHunters may have gained access by first compromising the contractor's computer to log into Ticketmaster's account on Snowflake, a cloud storage platform. This weakness highlights the importance of multi-factor authentication, which can prevent unauthorized access.
5.MediSecure (May 2024)
Until the end of 2023, MediSecure is one of only two prescription delivery services in Australia, allowing prescriptions, both paper and electronic, to be sent from doctors to the pharmacies of the patient's choice. A ransomware attack compromised the MediSecure database, exposing personal information such as names, addresses, and limited health information related to prescriptions. This large ransomware breach affected data from prescriptions filled before November 2023.
Following the incident, MediSecure entered administration, which saw an external administrator take control of the company to restructure and repay creditors. The Australian Government and various agencies have responded to minimize the impact on those affected.
How do I know if my data has been leaked?

In Australia, under the Notifiable Data Breaches scheme, many organizations are required to notify you if your personal data is involved in a data breach. They must provide you with the following information: a) their name and contact information, b) what information was breached, c) what happened, and d) what you should do to protect yourself protect yourself. This notice may be sent via email, phone call, or physical mail.
Also, pay attention:
1.Unusual account activity: Pay attention to unexpected changes to your online accounts, unauthorized logins, transactions, or strange accounts opened in your name. Regularly review your bank statements and credit reports to spot any signs of identity theft. Contact your financial institution immediately if you notice anything unusual.
2.Phishing: Be wary of fraudulent emails, phone calls, and text messages. Scammers can use your stolen information to impersonate legitimate organizations. These emails or calls may try to trick you into revealing personal information or clicking on malicious links. Always verify contact information by contacting the organization directly through their official channels.
What to do if your data is involved in a data breach
Change passwords for affected accounts, including online banking passwords and PINs. If you use the same password on multiple websites, change them all. Use strong and unique passwords for each account, ideally managed through a password manager like RICE VPN.
Enable multi-factor authentication (MFA) on all your accounts, if applicable, for an additional layer of security.
Monitor your bank and credit card accounts for unauthorized transactions. Get your credit report and check for unauthorized loans or applications. Report any suspicious activity to your bank.
Avoid email, text or call scams asking for sensitive information. Verify the legitimacy of any communication before responding.
Contact IDCARE anti-theft support if you suspect your identity has been stolen. This is a free identity and network support service that can help you secure your account and recover from identity theft.
Stay informed by reading official statements and reputable news sources. This helps you understand the breach and what data was compromised.
Complain about a data breach by contacting the relevant organization. If you are not satisfied with their response or do not receive a response, you can submit a written complaint to the Office of the Australian Information Commissioner (OAIC) ​​after giving the organization 30 days to respond.
Focus on accounts and services where the type of compromised data matches the leaked information to minimize the risk of potential damage. Seek help from the police and other support services if necessary.
What are some lessons we can learn from Australia's data breaches?
1.Ransomware protection: The MediSecure ransomware attack highlights the need for layered security measures and continuous monitoring to minimize vulnerabilities.
2.Strong Encryption for Sensitive Data: Given the nature of the Ticketmaster breach (stolen personal information and partial credit card information), any sensitive data must be encrypted while in transit. stored and transmitted using strong encryption algorithms. This makes the data unreadable even if an attacker has access to it.
3.You are only as safe as your weakest link: If a business has strong security systems but sends data to another company that has vulnerabilities in their system, that data will be vulnerable to attack. labour. All partners must verify, not just trust, that any data sent to their partners is safe there.

4.File transfer security: The vulnerability exploited by Shell in the MOVEit file transfer vulnerability shows the importance of securing file transfer platforms. Businesses need to assess and patch vulnerabilities in all systems containing sensitive data.
5.Securing data throughout its lifecycle: Telstra breach highlights the need to classify and encrypt sensitive data, manage access controls and securely dispose of outdated information .
6.Securing APIs & minimizing the risk of human error: The Optus breach highlights securing APIs to prevent unauthorized access and the importance of strong cybersecurity practices to minimize errors of humans as a flaw.

News Related

Aug 02, 2025

Things you can do with a VPN

1. Protect your online privacyA VPN helps you maintain your privacy while browsing the internet by encrypting all of your traffic, making it impossible for anyone – your ISP, hackers, governments, or even ad trackers – to read your data. VPNs also change your IP address, preventing
Aug 02, 2025

Change iPhone privacy settings for better security

The iPhone comes with a host of powerful security features that you can customize to protect your personal information and increase your internet safety. However, with so many options scattered across different menus, it can be difficult to know which settings are really necessary. This guide will
Aug 02, 2025

The best way to store passwords securely

How to Secure Your Passwords: Comparing MethodsPasswords have been used by humans for a long time as a basic security measure. However, while they are useful, they are not a perfect solution. The best way to manage your passwords depends on your habits, your level of tech savvy, and the number of
Aug 02, 2025

Official Announcement: RICE VPN for macOS is Coming Soon!

We are pleased to announce: VPNRice – the leading secure VPN application – is now officially available on macOS.After months of research and development, VPNRice for macOS was born with the goal of bringing Apple computer users a secure, fast and absolutely private connection
Aug 02, 2025

How to get virtual phone number

Virtual phone numbers rely on an internet connection instead of traditional phone infrastructure. So you don’t need a SIM card (Subscriber Identity Module), a separate device, or be tied to a fixed location. There are many ways to get a virtual phone number, but the quickest and easiest way
Aug 02, 2025

Protecting User Information When Using VPNRice

In the digital age, protecting personal information online is of utmost importance. VPNRice, with a commitment to providing safety and security to users, has taken many measures to ensure that personal information is not leaked or compromised. This article will detail how VPNRice protects user
Aug 02, 2025

GPS spoofing: what it is and how to avoid it

GPS spoofing is the act of sending out a fake GPS signal to trick the receiving device into believing that it is in a different location than it actually is. This method is often used for harmless purposes such as gaming or protecting privacy. However, in some cases, it can be exploited to commit
Aug 02, 2025

VPN for Telegram: Stay Anonymous and Connected Anytime, Anywhere

Platforms like Telegram have become essential for secure communication, news, and community engagement. But in many countries, including India and parts of the Middle East, Telegram is often restricted, limited, or blocked entirely. That’s where VPN RICE comes in.If you’re looking for a
Aug 02, 2025

Signs of email scams and how to handle them

Every day, cybercriminals send millions of malicious emails that attempt to trick people into giving them access to their login credentials, assets, and even their identities. However, by recognizing the signs of a scam early, you can stop it before it happens.This guide will show you the signs of
Aug 02, 2025

Fake IP Address: What It Is and How to Get One

An Internet Protocol (IP) address is an essential part of how your device connects to the internet. However, it also has its downsides—including privacy risks and restricted access to content. Your IP address can be used to track your online activity, and websites often use it to block you
Exclusive Offer
Get your Free 30 days access