By Greg Sallis
Redaction is the process of removing or obscuring sensitive information from documents before they are released to the public. However, even with the best intentions, redaction fails can occur, resulting in the accidental release of sensitive information.
During 2022 alone, several notable redaction fails have taken place in Australia, exposing the personal information of millions of individuals. In this article, we will take a look at the top 5 redaction fails in Australia, highlighting how customer PII was affected and what steps organizations should have taken to mitigate the risks and protect their users.
Medibank
In October 2022, Australia’s leading health insurance provider, Medibank, announced that nearly its entire customer base data was accessed by an unauthorized third party– amounting to 4 million people. The information leaked includes PII such as names, birthdates, email addresses, credit card details, IDs, and medical records. Miscreants responsible for the leak have released the data to the dark web where other criminals can use the data for illicit activities.
MyDeal
A subsidiary of Woolworths, MyDeal was also the victim of a cyber attack in October 2022. MyDeal is a retail marketplace that connects customers and retailers online. The hacker used compromised credentials to access the company’s CRM, where they could view and download customer data. MyDeal puts the number of those affected at roughly 2.2 million users– with information such as names, phone numbers, and email & physical addresses. Fortunately, there wasn’t payment information, passwords, or government IDs exposed in the leak.
Optus
Touted as one of the worst breaches in Australia’s history, the telecommunication company Optus suffered an attack where customer PII such as names, birthdates, and phone numbers were exposed for nearly 10 million people. A large portion of users also had data such as passports, driver’s licences, and physical addresses leaked in the breach. Believed to be a state-backed attack, the criminal organization was able to bypass Optus’ firewall and export the data.
Singtel
In a separate attack that happened 2 years prior, Singtel– Optus parent company– announced in October 2022 that the PII of nearly 130,000 customers and nearly 30 businesses were compromised. This included data such as National Registration Identity care information, phone numbers, names, and addresses.
Vinomofo
Vinomofo announced in mid-October 2022 that it suffered a data breach that affected nearly all 500,000 of its customers. Sensitive information leaked included customer data such as names, birthdates, phone numbers, and addresses. The attackers accessed the info through a “test” database that was connected to the site but not live.
How Could These Companies Better Protected User Data?
These redaction failures could have been mitigated by implementing a better redaction process, double-checking that user data isn’t easily viewed by unauthorized parties, and ensuring that sensitive information is properly encrypted. Organizations should also provide regular training for employees to ensure they are aware of best practices for handling sensitive information.
Finally, companies can leverage the power of software solutions like iDox.ai which uses AI-powered technology to automatically redact sensitive information so when breaches do happen, customer PII is still safe. Want to learn more about how iDox.ai can keep your business and customers protected? Contact us today to speak with our friendly professionals to see how the iDox.ai solution can improve your data security.