By Steven Mew, the Australian Science Media Centre

Australians may have been subject to another data breach this week, with a hacker group called ShinyHunters claiming to have stolen the personal data of millions of Ticketmaster customers worldwide.

Media are reporting that there are as many as 560 million Ticketmaster customers affected, with the hacker group advertising the data on the dark web for the equivalent of $AU750,000.

As Aussies are still coming to terms with previous hacks, such as the Medibank and Optus data breaches in 2022, and the Latitude data breach in 2023, it seems that significant data breaches are becoming all too common.

"The Ticketmaster attack highlights our new cyber normal," Professor Matthew Warren from the RMIT Centre for Cyber Security Research and Innovation told the AusSMC in an Expert Reaction.

"If steps are not undertaken by organisations to improve their cyber security then the situation will be repeated time after time," he said.

According to the Office of the Australian Information Commissioner, malicious or criminal attacks are the leading cause of data breaches, and were the likely cause of 67% of breaches reported to the Notifiable Data Breaches (NDB) scheme between July and December last year.

The NDB scheme found that in that time period, the top sectors to report data breaches included health service providers (22%), and finance and superannuation sectors (10%).

Dr James Scheibner from Flinders University said as with other recent data breaches, the most recent breach demonstrates that companies which collect large quantities of personal and financial information represent a prime target for cybercriminals.

According to Dr Scheibner, this breach highlights the urgent need for the Federal government to push forwards with reforms to the Privacy Act.

"These reforms would bring Australian laws in line with those in other jurisdictions, such as the European Union and California, and impose heightened security requirements on companies gathering large amounts of personal data," he said.

According to Professor Nigel Phair from Monash University, the current legislative approach is not working, and so organisations are not putting sufficient effort into cyber risk management or adequately informing their customers when there is a cyber security incident.

"Organisations need to be more proactive in their communications and inform the public what has happened and how they are remediating the situation," Prof Phair said.

"Consumers need to remain hyper-vigilant in the online world and be on the lookout for unusual emails, SMS or phone calls. They should also look for any suspicious credit card transactions."

Prof Warren had similar advice for people caught up in the recent hack.

"For individuals in Australia that are impacted by the cyber incident, if people feel they have been impacted by a scam they can report it to Scamwatch, and if people are concerned they may have fallen victim to identity theft they can contact IDCARE."

You can read the full AusSMC Expert Reaction here.

This article originally appeared in Science Deadline, a weekly newsletter from the AusSMC. You are free to republish this story, in full, with appropriate credit.

Contact: Steven Mew

Phone: +61 8 7120 8666

Email: info@smc.org.au