Entered any online radio competitions? Voted online for contestants in a TV show? If so, you are more than likely to be impacted by the recent MediaWorks data breach. MediaWorks own many of NZ’s popular radio stations, and are often involved in TV show tie-ins, like voting in The Block NZ.
Cybercriminals managed to steal information from a MediaWorks database used to store data about people who entered online radio and TV competitions. The cybercriminals say they have stolen information for 2.5 million New Zealanders, although MediaWorks say the actual number is lower due to duplications in the data.
The stolen information is what is known as Personally Identifiable Information (PII), which is information that can be used to individually identify you. Cybercriminals use PII for identity theft, making scams seem more plausible, and even blackmail.
The information stolen from MediaWorks includes people’s full names, date of birth, gender, address, post code, and phone numbers. Survey responses, uploaded videos & images, music content, and electoral information may have also been stolen. MediaWorks say no passwords, financial information, bank accounts, or credit card details were stolen.
The cybercriminals are selling the information on the Dark Web to other cybercriminals. They have also sent ransom emails to some individuals caught up in the breach, offering to delete their stolen PII information for US$500 (NZ$820) in Bitcoin (this is almost certainly a further scam).
What to do
If you receive a ransom message from the cybercriminals, do not respond to it, and do not pay it. Engaging with cybercriminals often leads to further demands and will almost certainly not result in the deletion of your data.
Be extra vigilant for cyber scams. Cybercriminals will use your PII to create more sophisticated phishing emails, phone calls and texts, targeted specifically at you, making scams harder to spot.
If you are a business owner, ensure your team don’t use work email addresses, phone numbers, or other information when entering personal, non-business related online competitions.