‘Shocking’ data breach at major smoke alarm provider leaves homeowners at risk
- Replies 7
In an age where our personal information is as valuable as currency, the security of our data is paramount.
Unfortunately, a recent incident is a wake-up call for all homeowners, especially those of us who have grown to rely on the convenience and safety that modern technology provides.
A major Australian smoke alarm provider, Smoke Alarm Solutions, has been at the centre of a data breach that left an alarming amount of customer information exposed online for nearly three months.
This oversight has potentially put hundreds of thousands of individuals at risk of being targeted by unscrupulous criminals.
Cybersecurity Researcher Jeremiah Fowler discovered that the company, which operates across New South Wales, Victoria, Queensland, and South Australia, failed to protect 762,856 documents, amounting to 107GB of data.
Fowler reported they included over 355,000 detailed invoices, records of inspections, compliance reports, electrical safety inspections, service quotes, and service reports, all dated from 2021 to 2024.
It comes on the heels of a warning from the Australian Competition and Consumer Commission (ACCC) about a surge in fake invoice scams, which have already cost Australians over $16 million in the past year.
‘It’s very likely [the information was accessed by hackers] actually, because the bad guys are looking for the same data that I’m looking for, except when I find it I verify, validate and report it, but the bad guys are using it as a tool for scams, phishing attempts, anything they can get,’ Fowler said.
‘In this case you had templates of thousands of invoices. This company offers subscription services, you can see when the subscription is going to expire.’
‘So, for example, you wait until about one month before it expires and say, “Hey, we’re going to give you a 50 per cent discount,”’ Fowler added.
Fowler said the documents from Smoke Alarm Solutions contained ‘details only the company and the homeowner would know’, such as the locations of smoke alarms, types installed, and the dates of last work orders.
The breach was not addressed for months, even after Fowler's initial disclosure to the company.
‘I literally emailed them a follow-up email [after the initial disclosure] and was like, “Guys, it’s still available,”’ he said.
‘A month-and-a-half in, I actually sent them links to the cloud hosting providers on how to secure data, and it still stayed open for another month.’
‘Based on the circumstances of the alleged incident as instructed by our client, the alleged incident does not, in our view, constitute a notifiable data breach under the Act, and therefore our client is not required to notify either the authorities or any individual about such alleged incident,’ Smoke Alarm Solutions’ legal representative said to Fowler in a statement.
It is understood that Smoke Alarm Solutions had been contacted for comment.
In Australia, smoke alarms are mandatory in every home. According to IBISWorld, the fire and security alarm installation service industry is worth around $4 billion annually.
‘In Australia, it’s an interesting dynamic because you’re required to have a smoke alarm, you’ve got the penalty of law, and you’ve got a company that’s going to take care of that for you,’ Fowler said.
This comes after ACCC advised people to thoroughly check their invoices.
Victims usually only figure out they've been scammed when the real business contacts them about the unpaid invoice.
Large industries like real estate and construction are often targeted because they involve large amounts of money. Recently, scammers have also targeted travel companies and car dealerships.
However, scammers also operated on a smaller scale, sometimes pretending to be road services and asking people to pay overdue tolls.
‘Scammers are sophisticated criminals and are becoming more targeted in how they exploit Australian consumers and businesses,’ ACCC Deputy Chair Catriona Lowe said.
‘These criminals are posing as genuine businesses that a consumer has recently dealt with, sending fake invoices with altered payment details so that the money ends up with the scammer.’
Have you ever encountered a similar scam? What measures do you take to ensure your personal information remains secure? Let us know in the comments below.
Unfortunately, a recent incident is a wake-up call for all homeowners, especially those of us who have grown to rely on the convenience and safety that modern technology provides.
A major Australian smoke alarm provider, Smoke Alarm Solutions, has been at the centre of a data breach that left an alarming amount of customer information exposed online for nearly three months.
This oversight has potentially put hundreds of thousands of individuals at risk of being targeted by unscrupulous criminals.
A smoke alarm provider has been at the centre of a data breach for exposing customer information online for almost three months. Credit: Shutterstock
Cybersecurity Researcher Jeremiah Fowler discovered that the company, which operates across New South Wales, Victoria, Queensland, and South Australia, failed to protect 762,856 documents, amounting to 107GB of data.
Fowler reported they included over 355,000 detailed invoices, records of inspections, compliance reports, electrical safety inspections, service quotes, and service reports, all dated from 2021 to 2024.
It comes on the heels of a warning from the Australian Competition and Consumer Commission (ACCC) about a surge in fake invoice scams, which have already cost Australians over $16 million in the past year.
‘It’s very likely [the information was accessed by hackers] actually, because the bad guys are looking for the same data that I’m looking for, except when I find it I verify, validate and report it, but the bad guys are using it as a tool for scams, phishing attempts, anything they can get,’ Fowler said.
‘In this case you had templates of thousands of invoices. This company offers subscription services, you can see when the subscription is going to expire.’
‘So, for example, you wait until about one month before it expires and say, “Hey, we’re going to give you a 50 per cent discount,”’ Fowler added.
Fowler said the documents from Smoke Alarm Solutions contained ‘details only the company and the homeowner would know’, such as the locations of smoke alarms, types installed, and the dates of last work orders.
The breach was not addressed for months, even after Fowler's initial disclosure to the company.
‘I literally emailed them a follow-up email [after the initial disclosure] and was like, “Guys, it’s still available,”’ he said.
‘A month-and-a-half in, I actually sent them links to the cloud hosting providers on how to secure data, and it still stayed open for another month.’
‘Based on the circumstances of the alleged incident as instructed by our client, the alleged incident does not, in our view, constitute a notifiable data breach under the Act, and therefore our client is not required to notify either the authorities or any individual about such alleged incident,’ Smoke Alarm Solutions’ legal representative said to Fowler in a statement.
It is understood that Smoke Alarm Solutions had been contacted for comment.
In Australia, smoke alarms are mandatory in every home. According to IBISWorld, the fire and security alarm installation service industry is worth around $4 billion annually.
‘In Australia, it’s an interesting dynamic because you’re required to have a smoke alarm, you’ve got the penalty of law, and you’ve got a company that’s going to take care of that for you,’ Fowler said.
This comes after ACCC advised people to thoroughly check their invoices.
Victims usually only figure out they've been scammed when the real business contacts them about the unpaid invoice.
Large industries like real estate and construction are often targeted because they involve large amounts of money. Recently, scammers have also targeted travel companies and car dealerships.
However, scammers also operated on a smaller scale, sometimes pretending to be road services and asking people to pay overdue tolls.
‘Scammers are sophisticated criminals and are becoming more targeted in how they exploit Australian consumers and businesses,’ ACCC Deputy Chair Catriona Lowe said.
‘These criminals are posing as genuine businesses that a consumer has recently dealt with, sending fake invoices with altered payment details so that the money ends up with the scammer.’
.png){kind=icon}
