Services Australia data breaches increase by 440 per cent, reports reveal
- Replies 0
In an age where our personal information is as valuable as currency, it's alarming to learn that Services Australia has become a prime target for scammers.
Reports revealed a staggering surge in data breaches, with scammers using stolen details to hack into customer accounts.
This revelation is a stark reminder of the importance of safeguarding our personal information.
The data, which was obtained under freedom of information by a user on the transparency website Right to Know, showed that as of 5 July, Services Australia had reported 49 data breaches due to social engineering in 2024 alone.
This figure is a shocking 440 per cent increase from the nine reports in 2023 and a significant jump from the single report recorded in each of the previous three years.
Social engineering is a sophisticated form of deception where scammers impersonate individuals to gain unauthorised access to personal information.
It's a tactic that preys on human psychology rather than technological vulnerabilities, making it particularly insidious and difficult to combat.
Services Australia's general manager, Hank Jongen, has acknowledged the rise in data breaches, attributing it to the use of personal information stolen from third-party data breaches both in Australia and internationally.
‘The vast majority are the result of customer information becoming compromised through previous third-party data breaches occurring in Australia and overseas, as well as from small- and large-scale identity theft or phishing scams and from mail theft,’ Jongen said.
‘The increase in notifiable data breaches in recent years across industry and government reflects the growing trend of scammers impersonating organisations and targeting individuals to steal sign-in credentials and other personal information.’
The consequences of these breaches are not trivial. In the 2023-24 financial year, around 14,000 users were notified that their personal information on some websites—such as Medibank and Medisecure—might have been accessed by unauthorised individuals.
Cyber-threat intelligence analyst Jeremy Kirk from Intel 471 has pointed out that data breaches provide a continuous supply of fresh identity information for criminals.
‘Every organisation that runs online customer-facing systems faces challenges ensuring that only an authorised account holder is actually the one accessing the account,’ he said.
‘These info-stealers scrape all kinds of data from web browsers, from credentials to cookies to credit card and personal data. These data packages are sold in underground cybercriminal forums and on chat services such as Telegram.’
Kirk mentioned that cybercriminals are bypassing defences like two-factor authentication by using phishing tactics, often through email or text messages, to deceive individuals into sharing their security codes.
‘Then they immediately login into an account. There’s other security telemetry that service providers can use to try to detect unauthorised logins, but it can be very difficult to stop,’ he added.
The Australian Information Commissioner (OAIC) reported that most data breaches in the first half of 2024 by government entities were through social engineering or impersonation.
‘It is essential that government agencies, especially those with service delivery functions, model best practice and build community trust in their ability to protect the security of personal information they hold,’ the OAIC said.
For those concerned about the security of their accounts, Jongen advised checking for unrecognised activity and ensuring personal details are correct. Services Australia has also set up a dedicated hotline (1800 941 126) for those who suspect their accounts may have been compromised.
Have you or someone you know been affected by a data breach? What measures do you take to safeguard your personal information? Share your experiences and tips in the comments below.
Reports revealed a staggering surge in data breaches, with scammers using stolen details to hack into customer accounts.
This revelation is a stark reminder of the importance of safeguarding our personal information.
The data, which was obtained under freedom of information by a user on the transparency website Right to Know, showed that as of 5 July, Services Australia had reported 49 data breaches due to social engineering in 2024 alone.
This figure is a shocking 440 per cent increase from the nine reports in 2023 and a significant jump from the single report recorded in each of the previous three years.
Reports have revealed that there has been a surge in data breaches in Services Australia. Credit: Unsplash
Social engineering is a sophisticated form of deception where scammers impersonate individuals to gain unauthorised access to personal information.
It's a tactic that preys on human psychology rather than technological vulnerabilities, making it particularly insidious and difficult to combat.
Services Australia's general manager, Hank Jongen, has acknowledged the rise in data breaches, attributing it to the use of personal information stolen from third-party data breaches both in Australia and internationally.
‘The vast majority are the result of customer information becoming compromised through previous third-party data breaches occurring in Australia and overseas, as well as from small- and large-scale identity theft or phishing scams and from mail theft,’ Jongen said.
‘The increase in notifiable data breaches in recent years across industry and government reflects the growing trend of scammers impersonating organisations and targeting individuals to steal sign-in credentials and other personal information.’
The consequences of these breaches are not trivial. In the 2023-24 financial year, around 14,000 users were notified that their personal information on some websites—such as Medibank and Medisecure—might have been accessed by unauthorised individuals.
Cyber-threat intelligence analyst Jeremy Kirk from Intel 471 has pointed out that data breaches provide a continuous supply of fresh identity information for criminals.
‘Every organisation that runs online customer-facing systems faces challenges ensuring that only an authorised account holder is actually the one accessing the account,’ he said.
‘These info-stealers scrape all kinds of data from web browsers, from credentials to cookies to credit card and personal data. These data packages are sold in underground cybercriminal forums and on chat services such as Telegram.’
Kirk mentioned that cybercriminals are bypassing defences like two-factor authentication by using phishing tactics, often through email or text messages, to deceive individuals into sharing their security codes.
‘Then they immediately login into an account. There’s other security telemetry that service providers can use to try to detect unauthorised logins, but it can be very difficult to stop,’ he added.
The Australian Information Commissioner (OAIC) reported that most data breaches in the first half of 2024 by government entities were through social engineering or impersonation.
‘It is essential that government agencies, especially those with service delivery functions, model best practice and build community trust in their ability to protect the security of personal information they hold,’ the OAIC said.
For those concerned about the security of their accounts, Jongen advised checking for unrecognised activity and ensuring personal details are correct. Services Australia has also set up a dedicated hotline (1800 941 126) for those who suspect their accounts may have been compromised.
