Kott Gunning has prepared the below cyber threat register, to help businesses stay informed about data breaches and cyber incidents in 2018.


March Svitzer – hack/data breach Svitzer, a shipping company, has reported that over 50,000 emails had been forwarded to a third-party, with potential lost details including tax file numbers and superannuation account numbers. This was one of the first incidents reported under the mandatory data breach reporting laws that took effect in February.
April Facebook / Cambridge Analytica – data disclosure / harvesting An estimated 87,000,000 Facebook users have had their data harvested by third-party Cambridge Analytica through online surveys.
May Commonwealth Bank – potential data loss/disclosure The CBA has confirmed it may have lost two data tapes containing financial statements of nearly 20,000,000 customers. The tapes were meant to be destroyed. However, the CBA did not receive the requisite proof of destruction document, so the tapes could be out there somewhere.
May PageUp – hack/data breach/malware PageUp, an online HR software platform, has admitted that malicious code was executed on their systems. The extent of the breach is unclear, however data may have been accessed including bank details and tax file numbers!
April/May Family Planning NSW – hack/data breach Hackers have accessed Family Planning NSW's database, potentially stealing up to 8,000 people's personal information. The hackers reportedly demanded a $15,000 ransom.
June Ticketmaster – hack/malware/data breach Ticketmaster has reported that malware has resulted in a data breach with potential theft of customer details including names, email addresses, login details, and payment information.
July HealthEngine – accidental data disclosure HealthEngine, a medical appointment booking website, has admitted to a data breach. The breach involved users' identifying information being accessible to anyone after leaving a review.
July Tasmanian Electoral Commission (TEC) / Typeform – hack/data breach The TEC has reported that Typeform had been hacked, with voter details accessed (including name, date of birth, and email address information). Typeform is a third-party company that collects data for the TEC.
July Apple – employee theft /data disclosure An Apple employee is alleged to have downloaded internal commercial data and attempted to take them to China. The data included the blueprint for a self-driving car circuit board.
July US military – hack/data breach US military documents have been stolen after a hacker accessed an Air Force captain's router. The breach includes sensitive documents about US military drones.
July Aviation ID Australia – hack/data breach Aviation ID Australia has been hacked, admitting that a "localised portion" of their website had been accessed and they were unable to confirm what information had been accessed. The company issues Aviation Security Identity Cards, which allow access to secure areas of airports.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Kott Gunning is a proud member of