Jack O'Sullivan
March 4 2021
Oxfam Australia breach proves no organisation is off limits to hackers
Oxfam Australia recently confirmed that it fell victim to a cyber-attack last month, following their donor databases being put up for sale on a hacker forum. This database contained a whopping 1.7 million user records, including names, phone numbers, email addresses, home addresses, and some users' history of donations. For a few unlucky donors, the criminal may also have got their hands on their bank details - account numbers, partial credit card numbers, and the name of their bank.
The charity investigated the situation and had this to say:
"Following an independent IT forensic investigation, Oxfam Australia announced today that it has found supporters’ information on one of its databases was unlawfully accessed by an external party on 20 January 2021.
The database includes information about supporters who may have signed a petition, taken part in a campaign or made donations or purchases through our former shops. Oxfam is contacting these supporters directly to inform them of the specific types of information relevant to them,"
This attack against an established non-profit organisation proves once again that, unfortunately, charities are not exempt from threat actors' list of targets. Read more here.
Malaysia Airlines reveals that it suffered a nine year long, ongoing data breach
Personal data of Malaysia Airlines' Enrich frequent flyer scheme has been compromised in a data breach that spanned March 2010 to June 2019. Hackers got their hands on members' names, DoBs, contact info, gender, and their frequent flier info - number, tier level, status, etc. While there's no evidence so far that payment details were stolen or Enrich members' personal data was misused in any way, users have been encouraged to change their passwords just in case.
The airline is laying the blame at the feet of one of its third-party IT service providers, but the reputational damage of this breach - especially considering it continued for so long - will most likely affect Malaysia Airlines the most. Will customers continue to trust the airline with their data, or are there too many snakes on this plane? Malaysia Airlines had this to say about the situation:
“The airline is monitoring any suspicious activity concerning its members’ accounts and in constant contact with the affected IT service provider to secure Enrich members’ data and investigate the incident’s scope and causes.” Read more here.
The UK's first Amazon Fresh is now open for business
Amazon has opened it's first check out-free grocery store outside of the US, and you can find it at the street entrance of a shopping centre in Ealing.
Upon entering, customers are required to scan a smartphone app, then all they need to do is pick their items and simply walk out of the store, where they'll be automatically billed as they exit. The store stocks a plethora of own-brand items, but also has the usual third-party products. On top of that, customers can also use the Amazon Fresh store to pick up and return goods they bought from Amazon online.
The technology used to make Amazon Fresh a reality started with the US's Amazon Go stores which opened in 2018. Since then, the system has been heavily advanced to the point where it can differentiate varying bouquets of flowers, magazines, and greetings cards, which wasn't possible three years ago. Utilising hundreds of cameras and depth-sensors - as well as deep-learning AI techniques, this complicated process makes shopping a whole lot simpler.
Frictionless shopping experience or part of the slow march towards a dystopian, over-surveilled society? Amazon most definitely has its fingers in hundreds of different pies, but they're providing the efficiency and seamless customer experiences that people seem to want, and they're using the latest tech to do it. The question is: what is Amazon going to do with all that data? Read more here.
Want the latest technology and cybersecurity news? Check out our Twitter page for upcoming tech world developments and data breach updates, or get in contact with a member of our team to see how our security services can keep your organisation out of the headlines.