The continuation of hacks and why you and your supply chain need to be ISO27001 Certified.

1.?????? Canva – May 2019: Impact 137 million users impacted.

2.?????? Latitude Finance – March 2023: Impact 14 million customers including many from when they took over GE finance. Records were never moved off the system and archived? Why?

3.?????? Optus – Sept 2022: Impact 9.8 million users. Same no archive in place.

4.?????? Medibank – Dec 2022: Impact 9.7 million users. Same no archive in place.

5.?????? ProctorU – July 2022: Impact 444,000 people. Same no archive in place.

6.?????? Australian National University – Nov 2018: Impact 200,000 students.

7.?????? Eastern Health – Mar 2021: Impact 4 hospitals.

8.?????? Service NSW – April 2020: Impact 104,000 people.

9.?????? Melbourne Heart Group – Feb 2019: Impact 15,000 patients

10.?? Australian Parliament House – Feb 2019: Impact multiple political party network - Labor, Liberal, Nationals etc.

?

Online Application provider hacked and taken off-line for several days with a national customer base who could not do their work. High costs to remediate along with existing customer base looking for alternative solutions.

Another one to consider is whether your IT service provider is ISO27001 Certified? In August 2023 one was hacked in Melbourne, and then the bad guys worked out how to access their customer base resulting in them stealing Terabytes of data from them and requesting a ransom be paid. This service provider had to notify all their customers and options had to considered by them to remain or look for an alternative service provider. Their customers were medical, accounting, real estate, engineering/construction etc.

The question is: Do these customers know about ISO27001 and to ask to see the certification of any other service provider that they turn to? Probably at this stage, not. However, this is starting to change as awareness continues to build up.