Article Written by Katina Jaye Beveridge, ASBAS Advisor, Western Sydney Business Centre.

The leak of a database containing the records of Apple HealthKit and Google FitBit users, as well as users of several other brands of fitness tracker products, has potentially put more than 61 million people – including an unknown number in Australia – at risk of compromise by opportunistic cyber criminals. It has also highlighted the critical importance of securing customer databases.

The database is owned by GetHealth, a New York-based provider of health data services, and includes 61,053,956 total records. The leak compromised the following information: names, weight, height, dates of birth, gender, and location.

Aside from Apple HealthKit and Google FitBit, the leak also contained information from other devices, such as 23andMe, Life Fitness, Daily Mile, FatSecret, GoogleFit, Jawbone UP, MapMyFitness, Microsoft, Misfit, MapMyWalk, Moves App, PredictBGL, Sony Lifelog, Strava, VitaDock, Runkeeper, Withings, Android Sensor, and S Health.

Earlier this June, a special NSW Police and Cyber Security NSW strike group discovered that people’s sensitive health-related information was stolen from NSW Health due to the Accellion leak.

With hackers now targeting smaller businesses and individuals, the data you hold containing your customers' details could be compromised.

How do you know if your data has been compromised?

If you want to know if any of your data has been compromised, not just in this breach but in others as well, visit Haveibeenpwned.com and enter the information you want to search for. You can check if your email or phone number has been included in a data breach. The website will also provide information on those data breaches.

What to do if your business accidentally leaks customer data or has been breached?

All data breaches should be reported to the Office of the Australian Information Commissioner (OAIC). This is in accordance with the Privacy Act 1988, which is designed to protect the privacy of individuals and their personal information. The Privacy Act provides extra provisions for the handling of health information, which is considered one of the most sensitive types of data.

If your data has been compromised:

  • Change your passwords immediately.
  • Enable 2FA on all online programs.
  • Be cautious with emails from larger companies you may have visited online. They could be phishing emails.
  • Most of all, implement safe internet practices to minimise the damage of data breaches.

Whilst cyber security is often not a priority for small businesses, failing to implement it can cause a lot of damage.