Techno Blender
Digitally Yours.

Football Australia data breach exposes players’ passports, contracts



The leak was independently confirmed by cybersecurity researcher Jamieson O’Reilly, founder of cybersecurity firm Dvuln.

“Considering the exposure lasted for at least 681 days, it’s plausible that external attackers discovered and utilised these keys,” he said.

Football Australia CEO James Johnson: The soccer organisation has suffered a mass cybersecurity incident. Credit: James Brickwood

“This data is highly sensitive, particularly the personally identifiable information of players and the infrastructure scripts, which could contain more credentials, leading to further unauthorised access.

“The lack of effective monitoring in this case raises questions about the security practices in place. Regular monitoring for unusual activities or unauthorised access can quickly flag potential security breaches.”

The breach is the latest cybersecurity incident to impact a high-profile Australian organisation.

Late last year, researchers discovered a data breach impacting Melbourne travel agency Inspiring Vacations, in which a non-password protected database containing about 112,000 records totalling 26.8 gigabytes was leaked online.

An image showing a secret key that allowed Football Australia data to leak. Credit: Jamieson O’Reilly

Tens of millions of Australians have been caught up in recent security breaches including customers of Optus, HWL Ebsworth, Latitude Financial, Medibank, DP World and Dymocks, in what’s being dubbed a “new normal” of consistent attacks and leaks.

The Optus data breach was similar to the incident impacting Football Australia in that an unprotected endpoint left the personal data of some 10 million customers publicly exposed and subsequently leaked to the dark web.

That breach led to new legislation significantly increasing penalties for serious or repeated breaches of customer data. Organisations that fail to adequately protect people’s data now face fines of $50 million or more.

“When Australians are asked to hand over their personal data they have a right to expect it will be protected,” Attorney-General Mark Dreyfus said when introducing the legislation.

“Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business.”

More to come

