It was bound to happen sooner or later. But this soon? The first data breach of the New Year, disclosed just hours into 2019, affects 30,000 individuals.
It was inevitable but it only took a few hours this week for the first data breach of 2019 to make it into the books.
30,000 employees who work for the government of Victoria, the executive authority of the Australian state of Victoria, received an email on January 1 that some of their data may have been compromised.
The issue stems from an incident a week prior, on December 22, in which a third party managed to compromise a Victorian government employee email account and in turn secure access to an employee directory. The third party reportedly accessed non-sensitive data, like employee names, work phone numbers, and job titles.
WE DIDN’T EVEN MAKE IT THROUGH ONE DAY IN 2019!!! https://t.co/ywjaIkngTl
— Troy Hunt (@troyhunt) January 1, 2019
According to the Australian Broadcasting Corporation, which reported the news early on New Year's Day, some of the employee's mobile phone numbers may have also been accessed, assuming they were entered by employees into the directory.
Details around the incident are scant; it’s unclear how exactly someone was able to obtain access to an employee’s email account, why exactly the victim had access to the list, and whether any other data was implicated in the breach.
As Suelette Dreyfus, a researcher in cybersecurity and privacy at University of Melbourne told the news station, it's likely the information could be used in targeted attacks like spam, phishing, or social engineering attempts.
For what it’s worth, Victoria's Department of the Premier and Cabinet (DPC) reportedly informed the Victoria Police, the Australian Cyber Security Centre and the Office of the Victorian Information Commissioner of the breach.
“As the investigation remains ongoing it would be inappropriate for DPC to comment any further on technical aspects of the incident,” the DPC spokesperson told publications this week, “The Government will ensure any learnings from the investigation are put in place to better protect against breaches like this in the future.”
As is to be expected, it didn’t take long for another breach to make headlines in the New Year.
Choice Rehabilitation Center, a Missouri-based chronic pain therapy center, disclosed this week that it too had fallen victim to an email-based hack. The facility said that one of its corporate email accounts had been hijacked for months, from July 1 to September 30, a span over which they forwarded billing documents and other emails to their personal email account.
BlankMediaGames, the makers of a game called Town of Salem, also announced this week that 7.6 million of its users had their information breached.