Security Breach Announcement By Australia’s Nova Entertainment

A case of ‘better late than never’, Nova Entertainment, a mainstream Aussie Media firm publicly confessed that during the period between May 2009 to October 2011 (from seven to nine years ago) the company’s servers were breached. The information leak includes the full name, gender, birthdate, address, phone numbers and login details of the user in the form of hashes.

“Nova Entertainment has recently become aware that a legacy dataset containing information collected from our listeners during the period from May 2009 to October 2011, including information that you provided to us, has been publicly disclosed,” said Cathy O’Connor, Chief Executive Officer of Nova Entertainment.

The media giant has not disclosed why it took them 7 years after the incident to admit the data breach and issue a public apology due to it.

“We can confirm that no other information, including copies of identity documentation or financial information is contained in the dataset disclosed in this incident. We have notified the Office of the Australian Information Commissioner of this incident, and we are in the process of contacting law enforcement bodies. We will fully and transparently engage with these entities in relation to this incident. Upon confirming the validity of this incident, we immediately engaged leading privacy, IT and cyber security consultants to understand the circumstances of the disclosure,” explained O’Connor.

Nova Entertainment operates SmoothFM, 93.7FM and Coles Radio. The company is expected to disclose more information as investigation is still ongoing as of this writing. This breach incident is unique compared to a typical data breach usually gets disclosed to the public at the soonest possible time after the discovery.

“We have set up a dedicated webpage (https://www.novaentertainment.com.au/dataincident) which contains advice about the steps you can take to protect your information and a dedicated email mailbox (privacy@novaentertainment.com.au) should you have any further questions. We have also engaged IDCARE, Australia and New Zealand’s national identity and cyber support service, to provide individuals affected by this incident with assistance and support. We encourage anyone affected by this incident concerned about the potential misuse of their personal information to contact IDCARE on 1300 432 273 (Australia) or +61 7 5373 0400 (International), or visit IDCARE’s website: https://www.idcare.org/contact/contact-us,” added O’Connor.

O’Connor also announced the scheduled dates where victims of the data breach can reach-out with them for an appointment with IDCARE staff. It is still unknown if the dates she provided are enough to cover 261,948 people that were affected by the breach.

“We take privacy, and the security of the information we collect from our listeners very seriously, and on behalf of Nova Entertainment I deeply and sincerely regret that this incident has occurred. We are fully committed to achieving the best possible outcome for anyone affected by this incident,” concluded O’Connor.

The media company is appealing to all their users to change their passwords at the soonest possible time in order to minimize the possibility of their accounts being used by the perpetrator of the breach.