Stored hardware leads to legacy data breach for Australian radio station operator

Australian radio station operator, Nova Entertainment, has disclosed that contents of a legacy dataset holding listeners’ information obtained over the years has been leaked into the public domain.

As reported by the itnews website, the station’s CEO, Cathy O’Connor revealed in an official statement that the data had originally been collected between May 2009 and October 2011.

Within the dataset were multitudes of personal data taken from the station’s listener base, including hashed passwords, names, contact details and other pieces of sensitive data.

Speaking to itnews, O’Connor said:

“We can confirm that no other information, including copies of identity documentation or financial information is contained in the dataset disclosed in this incident.”

No further details were given by Nova Entertainment regarding the discovery of the data breach, nor when the hackers stole the information. It is believed that the illicitly obtained data file had been stored on mothballed hardware.

In a statement published online, Nova said:

“We have engaged leading Privacy, IT and Cyber Security consultants to help us understand the circumstances of the disclosure. Those investigations are substantial and ongoing. We will provide further information as it becomes available.”

“Nova Entertainment takes its privacy obligations very seriously and is investing significant resources into investigating the source of the disclosure of the dataset. We have engaged leading Privacy, IT and Cyber Security consultants to help us understand this and will work with law enforcement as required.”

O’Connor added:

“We take privacy, and the security of the information we collect from our listeners very seriously, and on behalf of Nova Entertainment I deeply and sincerely regret that this incident has occurred. We are fully committed to achieving the best possible outcome for anyone affected by this incident.”

“Our investigation is substantial and ongoing. We are taking all necessary measures to ensure the strength and effectiveness of our cyber security, and there is currently no evidence of any suspicious activity or threats on Nova Entertainment’s systems,” she continued.


European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.