2019's cyber security breaches in Australia

Posted by Kendall King on Oct 17, 2019 9:32:15 AM
Kendall King
Find me on:

2019's cyber security breaches in Australia

Cyber security breaches in Australia rose by almost 80% in 2018. Due to the increase in the number of cyber breaches, it has exposed a vulnerability for Australian businesses. Over 60% of organizations in Australia do not have the resources necessary to respond to cyber security attacks. Companies have been urged to place a more significant investment in cyber security awareness and incident management.

In order to increase awareness that a cyberattack can affect anyone, here is our list of high-profile breaches that affected Australian businesses in 2019.



PayID allows banking customers to use their mobile number or email address as a form of identification for payment. This circumvents the need to provide a BSB and account number. This freedom came with a price when more than 90,000 users had their bank account details and personal data leaked after PayID was hacked via Credit Union Australia.

The good news is that no financial transactions took place and the information that was stolen cannot be used to facilitate financial payments.


LandMark White

LandMark White is an independent property valuation and consulting organization based in Sydney.

Early this year, personal details, driver’s licenses and property valuations of 275,000 individuals were made available on the dark web by Stephen Grant, a trusted contractor of the firm. Grant was arrested under the suspicion that he gained unauthorized access to the firm’s database and documents that he uploaded to the dark web. It is estimated to have cost LandMark White close to $8 million.



Canva is one of Australia’s biggest software companies. It is an online service that can be used to design and create content, logos, or other marketing collateral.

On May 24, Canva experienced a security breach. According to the hacker behind the attacks, data for roughly 139 million users was taken. The stolen data included details such as customer usernames, email addresses and locations. Password hashes were also present for 61 million users.



Puma’s Australian online store was taken down after it was discovered to have been infected by the Magecart malware. Hackers managed to disguise the malware on Puma’s website and could steal the shoppers' credit card information during the checkout process.


Australian Catholic University

Australian Catholic University was the target of a cyberattack on 22 May 2019. The data breach affected staff email accounts and the University system was also compromised.

The data breach originated from a phishing attack, where an email had been spoofed, making it appear to have been sent from inside ACU. This tricked users into clicking on a link where they were asked to enter their credentials on a fake ACU login page.

Staff login credentials were obtained successfully via the attack and were used to access email and bank account details of the staff members.


Princess Polly

Princess Polly, an Australian online fashion retailer, fell victim to a data breach that exposed customers' personal and payment information. The company has claimed that they do not store payment information on the website, they said the attackers might have captured payment details when shoppers entered them into the site. There is also speculation that the attackers may have also taken passwords, usernames, shipping and billing details.

In this ever-growing cyber landscape, threats are lurking at every turn. Security Awareness Training is essential as it ensures that employees are fully aware of the consequences of failing to protect their organization from outside attacks.

If you would like to learn more about Security Awareness Training or how your business can improve its security posture, speak with one of our security experts today.


If you liked this article, you may also like:

How to create an application whitelisting policy

Security Culture & Awareness

Patching is key to the ASD Essential 8: Do it right in 7 steps


Kendall King

Account Executive


If your network future-proofed?


Do you believe what you see?

What used to be an internet oddity has developed i...

The end of trust?

Trust no-one! The ‘Zero Trust’ approach sets up a ...