2022 List of Data Breaches by Months

Last year in Australia, we saw an increase in the number of cyber threats and data breaches that affected our nation. The ACSC (Australian Cyber Security' Centre) received over 76,000 cybercrime reports, that is an increase of nearly 13% when compared to 2021. On average, a cybercrime would be reported every 7 MINUTES in Australia. Below is a list only containing a few dozen out of thousands of businesses and organisations that were compromised by a serious data breach conducted by a threat actor.

All of these are related to organisations well known to you but you might not be fully aware of these breaches reported. Some of the most notable data breaches reported in Australia include:

1. Crypto.com – January 2022: Security News This Week: Crypto.com Finally Admits It Lost $30 Million in Hack

2. Red Cross Australia – January 2022: Locations and contact data on 515,000 vulnerable people stolen in Red Cross data breach. Australian Red Cross clients potentially caught up in international cyber attacks. Red Cross cyberattack sees data of thousands at-risk people stolen. Red Cross Cyber Attack Exposes Data of 515,000 Vulnerable People. The Australian Red Cross warns clients of potential security breaches. Aussie Red Cross flags potential cyber breach. Australian Red Cross clients potentially caught up in international cyber attacks. Red Cross hackers exploited Zoho vulnerability to gain entry | Accessed case files of 515,000 vulnerable people held in an encrypted database.

3. TfNSW (Accellion) – January 2022: TfNSW finds more customers, employees impacted by Accellion breach

4. FlexBooker – January 2022: Scheduling Platform FlexBooker Discloses Data Breach Affecting 3.7 Million Accounts

5. Sydney Trains - February 2022: An unauthorised third party gained access to staff and contractors' personal information, including names, contact details, and tax file numbers.

6. Medlab Pathology – February 2022: Medlab Pathology discloses February data breach. Australian Clinical Labs accused of ‘sitting on’ hack that saw patient data posted to the dark web

7. OAIC Report – February 2022: Australian gov data breach numbers slip out of public view. Latest notifiable data breaches report.

8. NSW Government – February 2022: Sensitive addresses among more than 500,000 leaked from the NSW Government database. NSW nurses strike as data breach defended. Sensitive business addresses among 500,000 published in COVID data breach

9. News Corp – February 2022: News Corp reports cyber data breach. Chinese hackers believed to be behind News Corp data breach.

10. CFMMEUR – February 2022: Union fined for data centre breach

11. Department of Premier & Cabinet Victoria – March 2022: An attack on an email system resulted in the exposure of confidential data related to investigations into sexual harassment allegations against members of parliament.

12. Sydney Airport – March 2022: Personal details such as passport numbers and flight dates were exposed when hackers gained access to the airport’s online services.

13. Warrnambool Council – March 2022: Data breach was ‘not serious’

14. OKTA – March 2022: Okta says third-party breach may have impacted up to 366 customers – Hackers took control of the contractor's computer. Lapsus$ hackers exploited Okta supplier’s security lapses – Allegedly found spreadsheet with login credentials. Okta investigates possible data breach – May relate to third-party customer support engineer targeted in January. Okta confirms hundreds of customers could be affected by data breach – January 2022 breach could have affected hundreds of Okta customers

15. Microsoft – March 2022: Hackers Post Images Showing Possible Microsoft Breach – The same cybercriminal group that recently breached Nvidia briefly shares a screenshot that suggests the hackers also gained access to Bing’s source code. Microsoft Azure DevOps targeted by hackers | ‘Single account’ compromise led to Microsoft’s Lapsus$ code leak – Attackers were interrupted mid-operation

16. Ubisoft – March 2022: Ubisoft says ‘cyber security incident’ last week shows no evidence of data breach – Ubisoft’s IT team is working with external experts to investigate the incident, which took place last week. Ubisoft fans need to change their passwords now – Ubisoft player data should still be safe

17. Nvidia – March 2022: Over 71,000 Nvidia accounts have personal data leaked following the hack. Nvidia says employee, company information leaked online after a cyber attack. Nvidia hackers claim they also hit Vodafone, threatening data leak. NVIDIA data breach exposed credentials of over 71,000 employees.

18. Toyota Motor – March 2022: Toyota suspends domestic factory operations after suspected cyber attack | 13,000 vehicles held up after supplier hacked

19. Australia Post – April 2022: Personal information from approximately 200 employees was exposed via an unsecured website.

20. SuperVPN, GeckoVPN, ChatVPN – April 2022: 25 million free VPN user records exposed

21. Coca-Cola – April 2022: Coca-Cola investigating potential large-scale data breach | A new threat actor claims to have stolen gigabytes of data. Top Data Breaches and Cyber Attacks of 2022. Cybercrime is big business, and it’s already rife in 2022 – we’ve highlighted ten top cases

22. Panasonic – April 2022: Panasonic hit by another major cyberattack | Almost 3GB of data taken in attack on Panasonic

23. Block (ASX:SQ2) – April 2022: Block (ASX:SQ2) share price jumps 6% despite reporting a data breach

24. Department of Home Affairs – May 2022: Hundreds of classified Home Affairs documents believed sent to unsecured address in ‘serious’ breach of security protocols

25. NDIS – May 2022: Sensitive NDIS health data breached in client platform hack. NDIS case management system provider breached | Updated: “Large volume” of sensitive health data exposed.

26. Spirit Super – May 2022: Spirit Super hit by data leak, 50,000 accounts exposed. 50,000 super fund members impacted by data breach

27. APAC – May 2022: APAC organisations fail to disclose ransomware breaches

28. Facebook – May 2022: Facebook’s Zuckerberg sued for data breach. Mark Zuckerberg, head of Facebook-owner Meta, is being sued in the US over the Cambridge Analytica scandal that compromised the personal data of millions

29. South Australian Government – May 2022: More than 90,000 South Australian public servants now involved in payroll data breach

30. National Tertiary Education Union – May 2022: NTEU becomes victim of data breach | NTEU servers were subject to a ransomware attack, a week out from University wide-strikes

31. Transport for NSW – May 2022: TfNSW hit by another data breach. TfNSW hit by second cyber attack in less than 18 months | Confirms authorised inspection scheme system data accessed. Data breach a Transport for NSW fail.

32. iCare – June 2022: iCare data breach due to ‘human error’, agency says iCare launches systems review after 193,000 claimants affected by privacy breach. iCare sends private details of 193,000 workers to wrong employers

33. Neopets – July 2022: A Hacker Is Trying to Sell Data on 69 Million Neopets Users. The Hackers Who Breached Neopets Were Inside Its IT Systems for 18 Months.

34. Uber – July 2022: Uber confesses it covered up a huge data breach | Confession comes as part of DoJ settlement. Uber settles with DOJ for failing to disclose breach that exposed 57 million users’ data

35. Perth Festival, Black Swan State Theatre Company – July 2022: Perth Festival, Black Swan Theatre and other arts organisations hit by major data breach

36. Victorian Government – July 2022: Students, travellers and staff exposed as Hotel Quarantine data breach revealed

37. Woolworths – July 2022: Woolworths denies data breach after outraged shoppers claim Everyday Rewards hacked

38. Marriott – July 2022: Marriott suffers yet another data breach

39. Mangatoon – July 2022: Millions of comic book fans have data leaked after Mangatoon breach

40. China Police – July 2022: Private information of more than 100 Australians exposed amid huge China police data leak

41. Deakin University – July 2022: Deakin University reveals breach of 47,000 students’ details | Subset targeted with smish sent via officially-used SMS channel. Data on Almost 47,000 Students Exposed in Deakin Uni Breach. Hackers target Deakin Uni

42. AMD – July 2022: AMD is investigating a serious potential data breach | An attacker claims to have stolen 450Gb of sensitive data. AMD Is Investigating a Potential Data Breach Allegedly Caused by Weak Passwords

43. OpenSea – July 2022: OpenSea customers warned to stay on high alert for phishing attacks | OpenSea email database exposed by a third party. NFT giant OpenSea reports major email data breach. OpenSea users’ email addresses leaked in a data breach. NFTs Have Been Stolen From OpenSea Users

44. LastPass – August 2022: Password manager company LastPass reports major security breach | The company – which has more than 25 million users – says hackers stole parts of its source code and other sensitive data. LastPass was hacked, but it says no user data was compromised

45. DoorDash – August 2022: Aussies’ sensitive details at risk after global data breach | Popular food delivery service DoorDash is investigating whether credit card and contact details of Australians have been leaked.

46. Facebook – August 2022: A Facebook glitch has affected users worldwide. So, what went wrong and has there been a data breach?

47. WA Health – August 2022: WA Health Department apologises for monkeypox data breach of passengers on flight from Doha to Perth. Nurse responsible for major monkeypox data breach in Perth. Health Department under fire as personal details of monkeypox plane passengers sent out in email

48. Cisco – August 2022: Hackers Breach Cisco and Steal Data, But Fail to Deploy Ransomware

49. Twitter – August 2022: Twitter confirms personal details of millions of account holders compromised. Twitter says zero-day bug leaked account data. More than 5 million Twitter accounts impacted by recent data breach

50. North Face – September 2022: 200,000 North Face accounts hacked in credential stuffing attack.

51. Optus – September 2022: Optus attack exposes customer information. Personal details of 1.1 million customers purportedly offered for sale.

52. Uber – September 2022: Teen hacker gets into Uber, announces data breach on chat software. Uber investigating ‘cyber security incident’ after report of breach. Company forced to shut internal communications and engineering systems. Uber Investigating Massive Security Breach by Alleged Teen Hacker. Uber in ‘unforgivable’ security breach.

53. Fremantle Football Club – September 2022: Fremantle apologise for AFL data breach

54. TikTok – September 2022: TikTok Hacked, Denies Security Breach Allegations - TikTok denies security breach after hackers claim to have records of more than a billion users

55. SSKB – October 2022: Australian strata company SSKB breached

56. Microsoft – October 2022: Microsoft data breach exposes customers’ contact info, emails

57. AFP – October 2022: AFP classified documents hacked in data leak, exposing agents fighting drug cartels

58. Vinomofo – October 2022: Online wine seller Vinomofo was hit in a major data breach. Vinomofo data breach: 500,000 customers at risk after wine dealer hit by cyber-attack

59. Medibank – October 2022: Medibank admits personal data stolen in cyber attacks. Medibank Group detects cyberattack, takes several services offline as a precaution. Medibank receives contact from hackers | Group requests negotiations over customer data.

60. Woolworths MyDeal – October 2022: Woolworths MyDeal becomes latest target of cyber attack. What information was leaked and what can you do if you’re affected? Woolworths says data of 2.2 million customers of its MyDeal website has been exposed

61. Twitter – November 2022: More than 5 million Twitter users at risk after alleged security breach

62. WhatsApp – November 2022: WhatsApp denies data leak as company hit by anonymous online threat

63. The Smith Family – November 2022: The Smith Family warns supporters of stolen personal data amid hack on Australian charity. Children’s charity The Smith Family hit by cyberattack

64. Harcourts – November 2022: Harcourts Melbourne City real estate agency advises customers of data breach.

65. Victorian Government | PNORS Technology Group – November 2022: Victoria has ordered an investigation into a potential data breach. Here’s what happened.

66. BWX (Flora & Fauna) – November 2022: Credit card details likely exposed in skincare online shopping hack

67. Fire Rescue Victoria – December 2022: Fire Rescue Victoria investigating a security incident. Cyber attack cripples Fire Rescue Victoria | Firefighters resort to mobile phones and radio.

68. LastPass – December 2022: Parsing LastPass’ data breach notice

69. TPG Telecom – December 2022: TPG Telecom joins list of hacked Australian companies, shares slide.

70. State Office of Victoria – December 2022: Data breach hits Victoria’s revenue office

71. LJ Hooker – December 2022: Real estate agency LJ Hooker hit with data breach

72. Telstra – December 2022: Telstra blames privacy breach on ‘database misalignment’ | Published details of unlisted customers online. Telstra explains how an internal data breach exposed more than 130,000 customers’ details. Telstra apologises after customer data breach. Telstra slips up as details of 130,000 customers go online. Telstra privacy breach sees customer details made public

It is important for all organisations, regardless of size, to be aware of the risks associated with data breaches. Taking the necessary steps to protect against possible cyber-attacks could help prevent costly data breaches from occurring in the future.

Your security is our Priority.

Your friendly Support Team

This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organization, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.