A data breach victim suffered additional emotional toll when she was charged by the courts and fined US$1.2 million. The Australian victim from Byron Bay had her information compromised in the Medibank data breach in October 2022. This is the only breach of her information that she is aware of. Later that year, hackers took control of her PayPal account in a credential stuffing attack. Credential stuffing is where attackers attempt to gain access to accounts using username and passwords source from data leaks. After her PayPal account was compromised, attackers used the account to make hundreds of fraudulent transactions, trading hundreds of counterfeit under her account. Soon after, the victim was served electronically with papers from the US District Court of Florida with charges filed by Adidas and the National Basketball Association for cybersquatting, trademark infringement and IP infringement. The court ran the cases ex parte, where there isn’t a requirement for all parties in the case to be present. And the courts awarded damages against the victim of $200,000 to NBA and $1 million to Adidas. Six months later and the Byron Bay victim is no closer to clearing her name. Even though the US court judgement will need to be registered with the local courts in Australia for it to be enforced, this could affect the victim’s ability to travel to the US. The office for the minister for cyber security and home affairs is current assisting the victim and referring the matter to the Australian Federal Police.
This segment was created for the It’s 5:05 podcast