Security News

Australian telecom giant Optus on Monday confirmed that nearly 2.1 million of its current and former customers suffered a leak of their personal information and at least one form of identification number as a result of a data breach late last month. "Approximately 1.2 million customers have had at least one number from a current and valid form of identification, and personal information, compromised," Singtel said in an announcement made on its website.

Australian telecommunications company Optus has fallen victim to a significant cyberattack and data breach. Coming clean on Thursday, Optus said the attack exposed information including customers' names, dates of birth, phone numbers, email addresses, and - for some - physical addresses, ID document numbers such as driving license or passport numbers.

The campaign, active from April to June of this year, targeted Australian government agencies, Australian media companies and manufacturers who conduct maintenance on wind turbine fleets in the South China Sea. According to the researchers, victims were sent phishing emails that directed them to faked versions of Australian news outlets The Herald Sun and The Australian.

China-based threat actors have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake impersonating an Australian news media outlet. Victims landed on the fraudulent site after receiving phishing emails with enticing lures and received a malicious JavaScript payload from the ScanBox reconnaissance framework.

A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. "The Frankston man engaged with a network of individuals and sold the spyware, named Imminent Monitor, to more than 14,500 individuals across 128 countries," the Australian Federal Police alleged in a press release over the weekend.

The report, titled Technology-facilitated abuse: National survey of Australian adults' experiences [PDF], used a sample of 4,562 subjects and found that approximately one in three TFA victimization experiences occurred "In a current or former intimate partner relationship." Australians with a disability, the LGBTQ+ community, and indigenous Australians were more likely to have experienced TFA than other groups. "We have no constraints within the company which precludes anyone from choosing what they want to do and we've had extensive discussions and meetings with the appropriate authorities," said the CEO. Labor rights organization Nascent Information Technology Employees Senate told The Register Parekh's comments were "Misleading."

New South Wales, Australia's most populous state, launched its DDL program in 2019, and as of 2021 officials there said that slightly more than half of the state's eight million people use the "Service NSW" app that displays the DDL and offers access to many other government services. "The DDL is hosted securely on the new Service NSW app, locks with a PIN and can be accessed offline. It will provide additional levels of security and protection against identity fraud, compared to the plastic driver licence," NSW Minister for Customer Service Victor Dominello said in 2019 when the service launched.

The New South Wales digital driver's license has multiple implementation flaws that allow for easy forgeries. A 4-digit application PIN is the encryption password used to protect or encrypt the licence data.

Nations running online foreign influence campaigns have turned to dating apps to recruit people privy to sensitive information, according to the director general of the Australian Security and Intelligence Organisation, the nation's security agency directed against external threats and a key partner in the Five Eyes security alliance. "In the last two years, thousands of Australians with access to sensitive information have been targeted by foreign spies using social media profiles," revealed ASIO supremo Mike Burgess during his third annual threat assessment address on Wednesday.

Australian Prime Minister Scott Morrison's WeChat account has been taken over by entities that have rebranded it "Australian Chinese new life" and used the account to offer advice on living in Australia for the nation's Chinese community. Morrison, leader of the right-of-centre Liberal Party of Australia, has used Tencent-owned WeChat as a campaigning tool to reach Australia's sizable Chinese community - many of whom are concentrated in particular seats and are therefore considered a sought-after voting bloc.