Nearly 900,000 client records including names, addresses, and phone numbers have been stolen from travel insurer Aussie Travel Cover by a suspected member of the Lizard Squad hacking crew.
The hacker released databases including those detailing customer policies and travel dates along with a list of partial credit card information.
The company discovered the hack December 18 and informed agents five days later, but did not inform policy holders or customers.
The company told the ABC it was working with police but made no comment on the hack.
Hacker @abdilo_ took credit for the breach.
The supposed Queenslander has goaded police by claiming on their Twitter feed to have hacked various websites using SQL injection.
Cybercrime reporter Brian Krebs thought Adbillo was affiliated with Xbox One and Playstation hacking group Lizard Squad and its DDOS-as-a-service offering.
The hacker has issued a series of invective and antisec-flavoured tweets claiming to have popped agencies, businesses and hospitals using mainly SQL injection. In one illustrated tweet he appeared to state his lack of concern for his possible arrest.
The failure to inform customers of the breach has prompted scorn from the technology community which largely follows that hacked entities should notify those affected as soon as possible. ®