News and Updates on Information Technology

Australia – Scouts Victoria

Exploit: Phishing
Scouts Victoria: Youth Organization

Risk to Small Business: 2.227 = Severe

Someone needs to spend more time working on their “Phishing Defense” merit badge at Scouts Victoria after an employee fell for a phishing attack exposing the personally identifiable data of thousands of members. The youth organization provides empowerment, community support, and job training for young people. The incident happened in late July and August 2020. Scouts Victoria said it has notified the victims of the breach and has contacted relevant government authorities, including the Office of the Australian Information Commissioner (OAIC) and the Department of Human Resources.

Individual Risk: 2.317 = Severe

Sensitive information including names, phone numbers, credit card information, ID documents including passport information and driver’s license details, and bank details were exposed ion the breach, but it’s unclear if that data belongs to youth members, parents of members, or adult volunteers.

Customers Impacted: 900 estimated at this time, but the organization’s full membership includes 17,000 youth members and 5,000 adult volunteers.

How it Could Affect Your Customers’ Business: Phishing is a dangerous proposition that every business faces daily, but businesses who store sensitive information, especially about children, need to be sure that their data is protected even if a staffer falls for a phishing attack.

Source:
https://portswigger.net/daily-swig/scouts-victoria-reports-data-breach-after-employee-duped-by-phishing-campaign