19.2 C
Melbourne
Tuesday, December 24, 2024

Trending Talks

spot_img

Football Australia data breach exposes players’ passports, contracts

[ad_1]

The leak was independently confirmed by cybersecurity researcher Jamieson O’Reilly, founder of cybersecurity firm Dvuln.

“Considering the exposure lasted for at least 681 days, it’s plausible that external attackers discovered and utilised these keys,” he said.

Football Australia CEO James Johnson: The soccer organisation has suffered a mass cybersecurity incident.

Football Australia CEO James Johnson: The soccer organisation has suffered a mass cybersecurity incident.Credit: James Brickwood

“This data is highly sensitive, particularly the personally identifiable information of players and the infrastructure scripts, which could contain more credentials, leading to further unauthorised access.

“The lack of effective monitoring in this case raises questions about the security practices in place. Regular monitoring for unusual activities or unauthorised access can quickly flag potential security breaches.”

The breach is the latest cybersecurity incident to impact a high-profile Australian organisation.

Late last year, researchers discovered a data breach impacting Melbourne travel agency Inspiring Vacations, in which a non-password protected database containing about 112,000 records totalling 26.8 gigabytes was leaked online.

An image showing a secret key that allowed  Football Australia data to leak.

An image showing a secret key that allowed Football Australia data to leak.Credit: Jamieson O’Reilly

Tens of millions of Australians have been caught up in recent security breaches including customers of Optus, HWL Ebsworth, Latitude Financial, Medibank, DP World and Dymocks, in what’s being dubbed a “new normal” of consistent attacks and leaks.

The Optus data breach was similar to the incident impacting Football Australia in that an unprotected endpoint left the personal data of some 10 million customers publicly exposed and subsequently leaked to the dark web.

Loading

That breach led to new legislation significantly increasing penalties for serious or repeated breaches of customer data. Organisations that fail to adequately protect peoples’ data now face fines of $50 million or more.

“When Australians are asked to hand over their personal data they have a right to expect it will be protected,” Attorney-General Mark Dreyfus said when introducing the legislation.

“Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business.”

More to come

[ad_2]

Source link

Serendib News
Serendib News
Serendib News is a renowned multicultural web portal with a 17-year commitment to providing free, diverse, and multilingual print newspapers, featuring over 1000 published stories that cater to multicultural communities.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles