Nova notifies listeners of data breach
Nova Entertainment has admitted that listeners’ data from the period of May 2009 to October 2011 has been “publicly disclosed”.
Nova sent a note to the consumers whose data has been leaked on Thursday morning, however it was not clear how the incident occurred, or how far the information had traveled.
CEO Cathy O’Connor said in the note the company will remain transparent with those affected and provide them with guidance on how they can prevent further misuse of their information.
In addition, O’Connor noted the company was taking the incident seriously and had engaged various consultants to understand the magnitude of the issue and the circumstances around how it came to be.
“Our investigation is substantial and ongoing,” the note from O’Connor said. “We are taking all necessary measures to ensure the strength and effectiveness of our cyber security, and there is currently no evidence of any suspicious activity or threats on Nova Entertainment’s systems.”
Law enforcement bodies are being notified, she said.
The extent of the data breach varies from person to person, however it appears name, gender and date of birth are among the information made available, as well as residential addresses, emails and phone numbers. User account details were also leaked.
O’Connor apologised for the incident and said the company is working towards the best outcome.
The full note from Nova:
Nova Entertainment has recently become aware that a legacy dataset containing information collected from our listeners during the period from May 2009 to October 2011, including information that you provided to us, has been publicly disclosed.
We are contacting you to advise you of the steps we have taken to address this incident, and to provide you with guidance on how you can prevent any potential misuse of your information.
Upon confirming the validity of this incident, we immediately engaged leading Privacy, IT and Cyber Security consultants to understand the circumstances of the disclosure. Our investigation is substantial and ongoing. We are taking all necessary measures to ensure the strength and effectiveness of our cyber security, and there is currently no evidence of any suspicious activity or threats on Nova Entertainment’s systems. We will provide further information as it becomes available.
We have notified the Office of the Australian Information Commissioner of this incident, and we are in the process of contacting law enforcement bodies. We will fully and transparently engage with these entities in relation to this incident.
The types of information disclosed in this incident varies from person to person, but generally includes biographical information (such as name, gender and date of birth), contact information (such as residential address, email address, and telephone number), and user account details (such as user names and passwords, which were protected by ‘hashing’). We can confirm that no other information, including copies of identity documentation or financial information is contained in the dataset disclosed in this incident.
We have set up a dedicated webpage (https://www.novaentertainment.com.au/dataincident) which contains advice about the steps you can take to protect your information and a dedicated email mailbox (privacy@novaentertainment.com.au) should you have any further questions.
We have also engaged IDCARE, Australia and New Zealand’s national identity and cyber support service, to provide individuals affected by this incident with assistance and support. We encourage anyone affected by this incident concerned about the potential misuse of their personal information to contact IDCARE on 1300 432 273 (Australia) or +61 7 5373 0400 (International), or visit IDCARE’s website: https://www.idcare.org/contact/contact-us.
During the Christmas period, IDCARE will be available to assist individuals affected by this incident on the following dates between 10 am and 3 pm AEST:
Thursday, 27 December 2018
Friday, 28 December 2018
Wednesday, 2 January 2019
Thursday, 3 January 2019
Friday, 4 January 2019.
From Monday 7 January 2019 onwards, IDCARE will be available Monday – Friday from 8 am until 5 pm AEST. You can also access IDCARE’s Learning Centre for further information at: https://www.idcare.org/learning-centre/learning-centre.We take privacy, and the security of the information we collect from our listeners very seriously, and on behalf of Nova Entertainment I deeply and sincerely regret that this incident has occurred. We are fully committed to achieving the best possible outcome for anyone affected by this incident.
Cathy O’Connor, CEO, Nova Entertainment
I think my personal information was leaked in this hack. If any of my friends find out that I like Katy Perry – I am dead.
User ID not verified.
Every week there is yet another story about a hack or “data breach”. There are two types of companies: ones that have already been hacked and ones that *will* be hacked. In this age of identity theft, it is mystifying that anyone is still giving real data to any website, let alone birth dates, full names & addresses. Given the various leaked powerful NSA tools the hackers now have, it is impossible to guarantee that *any* company/website is secure. The technology is now just so complex that it *cannot* be secured. The russians are now using old fashioned typewriters to document state secrets to paper, which is stored in old fashioned physically secure areas. If the russians (who are master hackers) feel the need to do this as they can’t protect themselves, then the rest of us are screwed. That goes for stuff such as electricity “smart meter” data and health record data. If you are not terrified by this, then you *don’t* understand. And if you stupidly say that you “have nothing to hide”, then please give me your credit card number and pin.
User ID not verified.
I mean, it’s shit… but since it affected me, i’m glad they let me know
User ID not verified.
Hey Will Smith, I like your style. All the points you mentioned are correctomundo.
Kind regards,
Anon
User ID not verified.