This week, mandatory data breach notification laws led to the discovery of a third-party hack which compromised airport security identification cards at numerous regional Australian airports.

Yet again we saw a major data breach this week, right here in Australia.

Aviation ID Australia are a company who supply digital security access cards to staff and officials at regional and rural airports around the country.

They announced that their website had been breached by an ”unauthorised entity” to all affected parties, their MD wrote an email detailing;

“Aviation ID Australia … advise that a localised portion of our website has been intentionally accessed by an unauthorised entity. Unfortunately, we cannot confirm exactly what information has been accessed, however personal information that may have been breached includes name, street address, birth certificate number, drivers licence number, Medicare card number and ASIC number.”

Prior to May this year, a hack like this may have been slid under the carpet or fixed and forgotten about, but since the Australian mandatory data breach regulations came in things have changed.

In this case, Aviation ID Australia ideally would have had constant monitoring of their assets, which may have included storing personal data away from the website itself. Similarly, through strong governance and a robust cyber security policy it is possible that this hack could have been avoided.

Yet again we ask you to consider the potential reputational and financial losses that could potentially arise from a business who rely on ”security” as being their number one selling point being breached.

AFP are currently investigating this matter due to its close links with aviation security.