Aussie Travel Cover, one of Australia’s leading travel insurers, was compromised in a data breach that exposed the data of three quarters of a million Australian residents. The breach took place in 2014, but customers were kept in the dark until now.
The firm, which is also Allianz Global Assistance’s ‘authorized representative’, suffered an SQL injection attack last December, allegedly from a Queensland-based hacker. The attack enabled the hacker to insert malicious code into the firm’s systems and breach databases to collect customer information.
The Australian Federal Police is now investigating the attack, but the purported hacker has posted the information obtained in the breach. The post outlines data theft from Aussie Travel Cover’s systems and includes details of 770,000 insurance policies, as well as customer addresses, names, dates of birth, and even the number of children included in the policy.
A report by the ABC’s PM program said the hack took place on December 18, 2014, and ATC notified third-party agents a few days later. However, policy holders were not informed, and some customers were unaware of the breach until the ABC informed them. Under the current legislation in Australia, companies are not required to report data breaches.
The affected firm said no bank details or credit card records were kept on the database or website, but the ABC has seen records which show the first and last parts of credit card numbers, with the rest of the numbers redacted.
The company knew about the hack for more than a month, and took steps to try to fix the vulnerabilities exposed by the hacker. It took its website down for an entire month to fix the issue.
The hacker, known online by the name ‘Abdilo’, claims to be a Queensland-based teenager. He exploited an SQL injection vulnerability to breach the records. His own claims on Pastebin.com indicate he used the same technique to compromise dozens of websites.
The listed websites also include sites for government organizations at federal and state level, along with sites of educational institutions, and other private and public sector organizations abroad and in Australia.
The hacker’s list of targets contains 8 websites operated by the Australian government at federal and state level, including those operated by ANSTO (Australian Nuclear Science and Technology Organization), ACMA (Australian Communications and Media Authority), and the Australian Public Service Commission.
He also wrote on Pastebin that his plan was to “mess with ANSTO’s nuclear reactor, but the closest I got was stealing all of their error logs & chemicals & scientist doxes”. ‘Dox’ is online slang for identity data.
The hacker said boredom led him to conduct the attacks.
As the case above indicates, targeted hack attacks are on the rise, with new individuals and groups emerging on a daily basis. To protect their servers, government and insurance companies need to implement real-time actionable intelligence that enables them to take proactive action and counter-actions to protect their digital infrastructure and security.
Massive’s Strixus and other similar solutions can track systems and data breaches in real time to decipher data threats in several languages, so hacking attempts from outside Australia can also be detected. Such options utilize a robust, bespoke algorithm, which is customized for different firms.
As a result, companies can keep their finger on the pulse with close to real-time attack alerts, details on the incident, and indicated threat levels.