Nova radio network admits huge data breach
Nova has cautioned subscribers to change their passwords. Photo: AAP
Media company Nova Entertainment says information it collected from listeners over a two-year period has been “publicly disclosed”.
The company says it recently became aware listener information from May 2009 to October 2011 has been leaked and it is in the process of contacting those affected.
Nova operates FM-band stations in Melbourne, Sydney, Brisbane, Adelaide and Perth.
“We have notified the Office of the Australian Information Commissioner of this incident, and we are in the process of contacting law enforcement bodies,” CEO Cathy O’Connor said in a statement.
“We will fully and transparently engage with these entities in relation to this incident.”
The information disclosed may include names, gender, dates of birth, addresses, emails and phone numbers and user account details such as user names and passwords, which are protected by a security technique, known as ‘hashing’.
While passwords are not visible in plain text, there is a risk they can be decrypted, potentially allowing others to gain unauthorised access to online accounts.
Nova is encouraging those affected to change their passwords for their email accounts and all other online accounts using the same email address, username or password, including email, social media and online bank accounts.
“We take privacy, and the security of the information we collect from our listeners very seriously, and on behalf of Nova Entertainment I deeply and sincerely regret that this incident has occurred,” Ms O’Connor said.
“We are fully committed to achieving the best possible outcome for anyone affected by this incident.”
The company says no other information, including copies of identity documentation or financial information, was disclosed.
Ms O’Connor says Nova’s investigation is “substantial and ongoing”.
“Upon confirming the validity of this incident, we immediately engaged leading privacy, IT and cyber security consultants to understand the circumstances of the disclosure,” she said.
“We are taking all necessary measures to ensure the strength and effectiveness of our cyber security, and there is currently no evidence of any suspicious activity or threats on Nova Entertainment’s systems.”
The company is notifying those affected of the steps it has taken in its investigation and how they should prevent any potential misuse of personal information.
Ms O’Connor said further information will be provided when available.
Nova operates commercial radio networks in metropolitan and regional areas of Australia, a pay television station and mobile brands.