Nova notifies listeners of data breach

Nova Entertainment has admitted that listeners’ data from the period of May 2009 to October 2011 has been “publicly disclosed”.

Nova sent a note to the consumers whose data has been leaked on Thursday morning, however it was not clear how the incident occurred, or how far the information had traveled.

Nova has apologised for the incident

CEO Cathy O’Connor said in the note the company will remain transparent with those affected and provide them with guidance on how they can prevent further misuse of their information.

In addition, O’Connor noted the company was taking the incident seriously and had engaged various consultants to understand the magnitude of the issue and the circumstances around how it came to be.

“Our investigation is substantial and ongoing,” the note from O’Connor said. “We are taking all necessary measures to ensure the strength and effectiveness of our cyber security, and there is currently no evidence of any suspicious activity or threats on Nova Entertainment’s systems.”

Law enforcement bodies are being notified, she said.

The extent of the data breach varies from person to person, however it appears name, gender and date of birth are among the information made available, as well as residential addresses, emails and phone numbers. User account details were also leaked.

O’Connor apologised for the incident and said the company is working towards the best outcome.

The full note from Nova:

Nova Entertainment has recently become aware that a legacy dataset containing information collected from our listeners during the period from May 2009 to October 2011, including information that you provided to us, has been publicly disclosed.

We are contacting you to advise you of the steps we have taken to address this incident, and to provide you with guidance on how you can prevent any potential misuse of your information.

Upon confirming the validity of this incident, we immediately engaged leading Privacy, IT and Cyber Security consultants to understand the circumstances of the disclosure. Our investigation is substantial and ongoing. We are taking all necessary measures to ensure the strength and effectiveness of our cyber security, and there is currently no evidence of any suspicious activity or threats on Nova Entertainment’s systems. We will provide further information as it becomes available.

We have notified the Office of the Australian Information Commissioner of this incident, and we are in the process of contacting law enforcement bodies. We will fully and transparently engage with these entities in relation to this incident.

The types of information disclosed in this incident varies from person to person, but generally includes biographical information (such as name, gender and date of birth), contact information (such as residential address, email address, and telephone number), and user account details (such as user names and passwords, which were protected by ‘hashing’). We can confirm that no other information, including copies of identity documentation or financial information is contained in the dataset disclosed in this incident.

We have set up a dedicated webpage ( which contains advice about the steps you can take to protect your information and a dedicated email mailbox ( should you have any further questions.

We have also engaged IDCARE, Australia and New Zealand’s national identity and cyber support service, to provide individuals affected by this incident with assistance and support. We encourage anyone affected by this incident concerned about the potential misuse of their personal information to contact IDCARE on 1300 432 273 (Australia) or +61 7 5373 0400 (International), or visit IDCARE’s website:

During the Christmas period, IDCARE will be available to assist individuals affected by this incident on the following dates between 10 am and 3 pm AEST:
Thursday, 27 December 2018
Friday, 28 December 2018
Wednesday, 2 January 2019
Thursday, 3 January 2019
Friday, 4 January 2019.
From Monday 7 January 2019 onwards, IDCARE will be available Monday – Friday from 8 am until 5 pm AEST. You can also access IDCARE’s Learning Centre for further information at:

We take privacy, and the security of the information we collect from our listeners very seriously, and on behalf of Nova Entertainment I deeply and sincerely regret that this incident has occurred. We are fully committed to achieving the best possible outcome for anyone affected by this incident.

Cathy O’Connor, CEO, Nova Entertainment


Get the latest media and marketing industry news (and views) direct to your inbox.

Sign up to the free Mumbrella newsletter now.



Sign up to our free daily update to get the latest in media and marketing.