The top 9 hacks, data breaches and cyber security threats in APAC
Cyber Security Hub explores some of the biggest cyber security incidents from the Asia-Pacific region over the past 12 months
Add bookmarkIn 2022, 59 percent of business in the Asia-Pacific region reported being the victim of a cyber attack, 32 percent reported being the victim of multiple cyber attacks and the region suffered a shortage of 2.1 million cyber security professionals.
This has culminated in the Asia-Pacific region being victim to a number of high-profile cyber attacks within the last 12 months. In this article, Cyber Security Hub explores the most impactful cyber attacks, data breaches and cyber security incidents from across the region.
Contents
- New Zealand government compromised in third-party attack
- Medibank suffers data leak that affects 9.7 million people
- Toyota admits to data breach after access key is posted on GitHub
- MyDeal data breach impacts 2.2 million people
- Vulnerabilities in GPS tracker could put 1.5 million vehicles in danger
- Data breach sees Telstra employees’ details posted online
- Details of 11 million customers accessed in Optus data breach
- Samsung employees allegedly leak proprietary information via ChatGPT
- Location data of two million customers exposed in Toyota data breach
New Zealand government compromised in third-party cyber attack
In December 2022, an IT managed service provider that supports a range of organizations across New Zealand including several within its government suffered a cyber attack, compromising access to its data and systems.
Those affected by the cyber security incident includes some providers contracted to Te Whatu Ora (Health New Zealand), although health service delivery was not been affected.
The Ministry of Justice was also affected by the third-party data breach and confirmed the cyber attack impacted access to some coronial data. This allegedly included thousands of autopsy reports.
New Zealand’s National Cyber Security Center (NCSC) said that it was coordinating governmental response to the cyber attack, both within the Government Communication Security Bureau and alongside the New Zealand Police, CERT NZ and the Privacy Commissioner.
Lisa Fong, deputy director-general of the NCSC, said that the organization is working with the compromised third party to “understand more fully the nature of the data that has been impacted” and how the cyber attack occurred.
Medibank suffers data leak that affects 9.7 million people
On October 13, 2022, Australian health insurance provider Medibank suffered a data breach which affected 9.7 million people.
The malicious actor responsible for the breach attempted to extort the company by contacting them directly to negotiate the release of the data. Medibank refused, which led to the hacker releasing private medical information obtained in the breach on the dark web.
The hacker posted a file labelled “abortions” to a site backed by Russian ransomware group REvil on November 10, 2022, which apparently contained information on procedures that policyholders have claimed on, including miscarriages, terminations and ectopic pregnancies.
They also released files containing customer data called "good-list" and "naughty-list" on November 9, 2022. The so-called “naughty-list” reportedly includes details on those who had sought medical treatment for HIV, drug addiction or alcohol abuse or for mental health issues like eating disorders.
The hacker added to the November 10 data leak post, saying: "Society ask us about ransom, it's a 10 millions (sic) usd. We can make discount 9.7m 1$=1 customer."
During question time in Australian Parliament on November 10, minister of home affairs Clare O’Neil hit back at the hackers, saying: “I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming [at] you.
“I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cyber-security but more importantly, as a woman, this should not have happened, and I know this is a really difficult time.”
David Koczkar, CEO of Medibank, called the release of the data “disgraceful” and a “weaponization of people’s private information”. He also called those involved in the cyber attack and data leak “deplorable”.
In an attempt to protect those affected by the cyber security incident and the subsequent data leaks, Medibank urged members of the public and the media to not “unnecessarily download sensitive personal data from the dark web” and to “refrain from contacting customers directly”.
Toyota admits to data breach after access key is posted on GitHub
On October 7, 2022, Japanese car manufacturer Toyota issued a statement and an apology after it was discovered that third parties may have gained unauthorized access to customer details between December 2017 and September 2022.
The breach occurred because a section of the source code for T-Connect, an app which allows customers to connect their phone to their car, had been posted on source code repository GitHub in December 2017. As the source code contained an access key for the server, this may have allowed unauthorized access to customer data for five years.
Any customers who registered for the app from December 2017 to September 2022 were at risk for their data being accessed, meaning the data for a potential 296,019 customers may have been leaked. The information available for access included email addresses and customer management numbers. Personal or sensitive information including payment card information, name and address were not accessed.
Following a security investigation, Toyota said that while it “cannot confirm access by a third party based on the access history of the data server where the customer's email address and customer management number are stored, at the same time [it] cannot completely deny it”.
Toyota also said that it would individually notify all those who were affected by the breach.
MyDeal data breach impacts 2.2 million people
Australian online retail marketplace MyDeal confirmed in October 2022 that it was the victim of a data breach that exposed the data of around 2.2 million customers.
The retailer, which is a subsidiary of supermarket chain Woolworths, said that it would be contacting all those affected by the breach via email, as well as alerting the “relevant regulatory authorities and government agencies”.
Woolworths said that the breach was caused by a malicious actor using “a compromised user credential” to gain unauthorized access to MyDeal’s Customer Relationship Management (CRM) system.
Customer information exposed during the cyber attack included names, dates of birth, phone numbers and email addresses. For 1.2 million customers, the data exposed was limited to their email address. Confidential information like passport, payment card and drivers license details is not stored by MyDeal, and therefore was not exposed in the hack.
Vulnerabilities in GPS tracker could put 1.5 million vehicles in danger
A GPS tracker manufactured by Chinese company MiCODUS was been revealed to have numerous critical cyber security vulnerabilities that could allow bad actors to remotely hack a vehicle’s system in August 2022.
At the time of the discovery, the MiCODUS MV720 GPS tracking device had been sold to customers across 169 countries and installed in more than 1.5 million devices.
The critical cyber security issues were first discovered by cyber security startup BitSight. Following the discovery of the vulnerabilities, BitSight informed the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
The CISA confirmed that “successful exploitation of these vulnerabilities could allow an attacker control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands and the disarming of various features (e.g. alarms)”.
In a report on the vulnerabilities, BitSight said it had found MiCODUS devices were being used by a range of organizations including “a Fortune 50 energy company, a national military in South America, a national government and a national law enforcement organization in Western Europe, and a nuclear power plant operator”.
It was also revealed that MiCODUS has a global customer base of 420,000, with 1.5 million devices sold. However, BitSight did note that it was unable to determine the number of MiCODUS MV720 units currently in use globally, as well as the number of MiCODUS devices used for personal or businesses uses.
Data breach sees Telstra employees’ details posted online
Australian telecommunications company Telstra revealed on Tuesday that it had been hit by a data breach that had revealed the details of 30,000 current and former employees.
The details included employee’s first and last names and email addresses, and were posted on hacking forum BreachedForums.
In a tweet, Telstra confirmed that the data leak “wasn’t a breach of any Telstra system” and that it has notified its employees and authorities first, before notifying former employees, despite “minimal risk” to them.
You may have heard about a data breach involving Telstra employee details. Here are the key facts:
— Telstra (@Telstra) October 4, 2022
π This wasn't a breach of any Telstra system
π No customer account info was included
π The data includes first/last names and employee email addresses
π The data is from 2017
A Telstra spokesperson said the company had been “made aware of a data breach affecting a third party that included limited Telstra employee information from 2017."
Of the information shared, 12,800 of the employees named were current employees.
Details of 11 million customers accessed in Optus data breach
Australian telecommunication company Optus suffered a devastating data breach on September 22, 2022 that led to the details of 11 million customers being accessed.
The information accessed includes customers’ names, dates of birth, phone numbers, email addresses, home addresses, driver’s license and/or passport numbers and Medicare ID numbers. Payment detail and account passwords were not compromised in the breach.
Optus confirmed that it has now contacted all customers to notify them of the cyber attack's impact, beginning with those who had been affected by the breach and finishing with those who had not had their data accessed.
Someone claiming to be the hacker told Australian journalist Jeremy Kirk that they had “accessed an unauthenticated API endpoint” meaning that they did not have to log in to access the data and that it was “all open to internet for any one[sic] to use”.
A person claiming to be the hacker responsible for the data breach posted a small sample of the customer data stolen to the hacking forum BreachedForums on September 23.
Using the alias optusdata, the hacker demanded that Optus pay them $1mn ransom, or they would leak the data of all 11 million customers affected by the breach. When Optus did not respond to the ransom demand, optusdata then posted a text file of 10,000 customer data records on September 26, allowing other malicious actors to use the data in their own phishing campaigns.
Victims of the breach reported on September 27 that they had been contacted with demands that they pay AU$2,000 (US$1,300) or their data will be sold to other hackers.
However, on the same day, the supposed hacker posted a new message on BreachedForums, rescinding their demand and apologizing to Optus.
The hacker said there were “too many eyes” so they will not be selling the data to anyone and claimed that they had deleted all the data from their personal drive, and that they had not made any copies. They offered an apology also to the 10,200 people who had their data exposed via their posts on BreachedForums, and to Optus itself, saying “hope all goes well with this”.
They finished by saying they “would have reported [the] exploit if [Optus] had [a] method to contact” and that while the ransom was not paid, they “dont[sic] care anymore” as it was a “mistake to scrape publish data in the first place”.
Samsung employees allegedly leak proprietary information via ChatGPT
Employees of South Korean electronics company Samsunghave allegedly leaked confidential company information to AI-powered chatbot, ChatGPT.
According to The Economist Korea, three separate incidents occurred despite the company originally being wary of adopting ChatGPT. Samsung had previously expressed concern that ChatGPT may leak confidential information, issuing a warning to employees to “pay attention to the security of internal information” and not enter private information. Each incident allegedly involved a company engineer entering confidential information into ChatGPT within just 20 days.
Over that time, one engineer allegedly entered Samsung’s source code into the chatbot when looking for a solution to a bug; another recorded a company meeting, transcribed it using an audio-to-text application then inputted the transcription into ChatGPT to create meeting notes; and a third used ChatGPT to optimize a test sequence for identifying yield and defective chips. Disciplinary investigations have been launched into all three.
As ChatGPT is a machine learning (ML) platform, all data inputted is used to train its algorithm, meaning that this proprietary information is now available to all those using the platform. As of January 2023, the application had 100 million monthly active users. ChatGPT itself does warn users to not enter sensitive information for this exact reason.
Location data of two million customers exposed in Toyota data breach
A cloud misconfiguration in car manufacturer Toyota’s servers may have leaked sensitive information belonging to more than two million customers.
The cloud misconfiguration meant that sensitive information for those who subscribed to Toyota services T-Connect, G-Link, G-Link Lite and/or G-BOOK between January 2, 2012 to April 17, 2023 was accessible to unauthorized parties from November 6, 2013 to April 17, 2023.
The data includes location information for impacted vehicles andthe time the vehicle was at said locations, as well as the in-vehicle terminal ID and Vehicle Identification Number (VIN).
Unauthorized parties may have also been able to access “video taken outside the vehicle with a drive recorder collected from corporate services provided [Toyota]” between November 14, 2016 and April 4, 2023.
Toyota cited an “insufficient explanation and thoroughness of data handling rules” as the reason for the cloud misconfiguration. To prevent further leaks, the company has said it will be “thoroughly educating employees and working to prevent recurrence”, as well as introducing “a system to audit cloud settings, conduct a setting survey of the cloud environment and build a system to monitor the setting status on an ongoing basis”.
Toyota has said that once the misconfiguration was discovered, processes were implemented to prevent further data leaks. The company has also said that it will be investigating all cloud environments managed by Toyota to prevent further cloud misconfigurations and leaks.
The car manufacturer will be contacting all those affected by the leaks in addition to setting up a dedicated call center to “answer questions and concerns” from customers.