MediaWorks, a major New Zealand media company, has fallen victim to a cyber breach, which has exposed the personal data from over 2.4 million individuals.
The Breach
A hacker, operating under the pseudonym OneERA on a hacking forum, claims to have secured a vast amount of personal data from MediaWorks. This incident was unveiled through a forum post dated 14 March, where OneERA highlighted their intention to sell the acquired data.
source
Data Stolen:
Total Records Stolen: 2,461,180
Types of Data:
- Names
- Home addresses
- Mobile and home phone numbers
- Email addresses
- Dates of birth
- User postal codes
- Genders
- UserIDs
- Voting information
The stolen data includes questionnaire responses, including children’s details, music and video materials, along with some voting and election specifics. The leak also includes data from competitions like “The Block NZ” between 2017 and 2020.
Hacker’s Motive and Potential Use of Data
The intention behind stealing and selling personal data generally revolves around the goal of financial gain with identity theft, executing scams, or phishing attacks.
In this case, the hacker’s aim to sell the data could lead to widespread misuse, affecting the privacy and financial security of millions of New Zealanders.
MediaWorks’ Response
Upon acknowledgment of the cyber security incident on 15 March, MediaWorks secured current competition entries into a new database. The company is currently investigating the breach to understand the full scope and to prevent future incidents.
Recommendations for Affected Individuals
Following the cyber breach at MediaWorks, which compromised the personal data of over 2.4 million New Zealanders, individuals concerned about their privacy and security can take these proactive steps:
- Check for official communications from MediaWorks regarding the breach. The company is likely to notify affected individuals through email or direct contact.
- Monitor financial transactions and account activity for any signs of unauthorised access or suspicious actions.
- Update passwords and security questions for online accounts, especially for services where similar personal information was used. For tips on creating strong passwords, visit our password best practices
- Be cautious of phishing attempts via email or phone. Hackers might use the stolen information to trick individuals into revealing more sensitive data.
- Consider a credit freeze or fraud alert on credit files to prevent new accounts from being opened in your name without verification.
- Report suspicious activities to the relevant financial institutions and authorities to take immediate action.
- Stay informed about best practices for digital privacy and security to enhance personal data protection. Our Cyber Security Guide is a great place to start.
