From ChatGPT leaks to ransomware attacks, we explore the biggest data breaches from across the region.
Vulnerabilities in data and overall cybersecurity are escalating concerns in the Asia-Pacific (APAC) and the Middle East (ME) regions. Despite increased efforts, the regions have witnessed a series of significant data breaches in 2023, underscoring the critical need for comprehensive cybersecurity measures.
Raymond Teo, Cyber Leader at PwC South East Asia Consulting, emphasises the escalating threat of data breaches in the APAC region. As cyber threats become more sophisticated, companies realise the importance of a holistic approach to cybersecurity, with regulators pressuring improvements to enhance cyber resilience and public trust.
Underscoring the need for cyber alarms, the region has unfortunately been a hotbed for serious data breaches in 2023, as the following high-profile incidents demonstrate.
List of High-profile Incidents
- GamkenBot Scalper Bots: GamkenBot is an appointment scheduling bot developed by Israel to expedite appointment scheduling with government agencies. However, the developers made the source code available to the public, which led to attackers making scalper bots that found and booked all available appointments. This was then monetised by selling appointments to citizens.
- Cellebrite Data Breach: An Israeli company that provides digital data collection, analysis and management services called Cellebrite was targeted by hackers. Hackers were able to steal 1.7 TB of data from the company in a massive data breach. It has yet to be revealed who carried out the attack or the techniques they used.
- Chemical Production Attacks: In January 2023, a hacktivist group called Electronic Quds Force launched a campaign targeting Israeli chemical production companies. The message was to “Leave their employment. Look for a new one”. The hackers posted screenshots with the interfaces of the automated control system on its Telegram channel, which confirmed the compromise of one of the chemical plants.
- Irrigation System Disruption: Farm irrigation systems in the Jordan Valley, and wastewater treatment control systems that the Galil Sewage Corporation operates, were targeted by hackers. The attack appears to have been part of OpIsrael, an anti-Israel hacktivist campaign.
- Tasmanian Education Data Exposure: The Tasmanian education department fell victim to a cyber attack, exposing thousands of documents on the dark web. Approximately 150,000 individuals and businesses were notified of potential data compromise, demonstrating the scale and impact of the breach.
- Samsung ChatGPT Leaks: Samsung faced breaches of confidentiality protocols as employees shared sensitive company data with the AI-powered chatbot ChatGPT. This incident raised concerns about internal information security and employee compliance.
- Toyota Customer Information Compromised: A cloud misconfiguration in Toyota’s server infrastructure exposed the sensitive data of over two million customers, highlighting the significance of proper data handling rules and security measures.
- Latitude Attack Causes Breach: Latitude Financial reported a data breach impacting over 14 million customers, revealing the compromise of personal data, including driver’s license details, passport copies, and Medicare numbers.
- Search Uncovers Bangladesh Citizen Details: The personal information of over 14 million Bangladeshi citizens was accidentally exposed through the Office of the Registrar General, Birth and Death Registration’s website, emphasising the need for robust cybersecurity measures.
- Patient Data Stolen from Pathology Clinic: TissuPath, an Australian pathology clinic, faced a cybersecurity incident potentially exposing ten years’ worth of referral letters, demonstrating the importance of securing healthcare-related data.
- Indonesian Passport Data Offered for Sale: The data of over 34 million Indonesian passport holders was breached and offered for sale, underscoring the continuous challenges in protecting citizens’ personal information.
- Pareto Phone Charity Data Woe: Pareto Phone, a Brisbane-based telemarketing firm, experienced a cyber attack resulting in the exposure of Australian charity donors’ personal information on the dark web. The incident raised concerns about data management and privacy laws.
- Ransomware Attack Hits Australian Law Firm: HWL Ebsworth, an Australian law firm, fell victim to a ransomware attack, leading to the compromise of client information and employee data. The incident highlighted the ongoing threats posed by ransomware groups.
- BSI Data Incident Reported: Bank Syariah Indonesia reported a data breach, with account information of 15 million customers exposed online. The incident underscored the need for continuous efforts to enhance cybersecurity and prevent disruptions.
In summary, the region faces persistent challenges in cybersecurity, with high-profile data breaches exposing vulnerabilities in various sectors. Continuous efforts, regulatory improvements, and industry collaborations are essential to mitigate these threats and ensure robust cybersecurity measures.