This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Nova Entertainment

Summary

Nova Entertainment, one of Australia's largest radio networks operating stations including Nova, smoothfm, and FIVEaa, disclosed in January 2019 that listener data from a historical database spanning May 2009 to October 2011 had been publicly exposed. The breach affected listeners who had entered competitions, registered for promotions, or interacted with Nova stations during this period across multiple capital cities.

What Happened

Hacking. Unauthorised parties gained access to a legacy Nova Entertainment database containing listener information from the 2009-2011 period. The exposed data included names, email addresses, phone numbers, postal addresses, and dates of birth of listeners who had participated in radio competitions, signed up for station communications, or registered through Nova's websites. The database had been retained from an older system and was discovered to be publicly accessible. Nova only became aware of the exposure in January 2019, nearly eight years after the database was last actively used, when notified by external sources.

Impact on Individuals

  • Historical Data Exposure: Personal contact details from up to a decade ago exposed
  • Phishing Risk: Email addresses and phone numbers enabled targeted scam campaigns
  • Outdated Information: Many affected listeners may have changed addresses, creating potential for misdirected identity theft attempts
  • Competition Participants: People who simply entered radio contests found their details compromised
  • Trust Breach: Listeners who engaged with popular radio brands had their information mishandled

While the data was dated, it still provided scammers with verified contact information and personal details useful for social engineering attacks.

Response

Nova Entertainment immediately secured the exposed database and notified affected listeners via email. The company reported the breach to the Office of the Australian Information Commissioner and engaged cybersecurity experts to investigate how the database became accessible and ensure no other legacy systems were similarly exposed. Nova apologised for the breach and advised affected individuals to be alert for phishing emails or phone calls. The radio network implemented enhanced data retention and security policies, including regular audits of legacy databases and improved controls for decommissioned systems. The incident highlighted the ongoing security risks posed by historical databases that organisations may have forgotten about but which contain valuable personal information. +++

Verification Source: View original statement