Last updated 11 November 2022

 

What happened?

The AMEB website was the target of a cyberattack that breached the security of the AMEB online shop database on the following dates: 

  • Between Wednesday, 12 October 2022 and Tuesday, 18 October 2022
  • Between Tuesday, 1 November 2022 and Wednesday, 9 November 2022

The attackers intended to access customer credit card data. Any transactions made during this time may have been exposed.

The attackers also accessed the AMEB online shop customer database.

 

In the earlier incident, the attackers also may have accessed the AMEB online shop customer database. 

You may have received a recent email notification informing you of this recent cyberattack from online@ameb.edu.au. 

Some customers have also received a follow-up email to "Please Confirm Subscription" (see below). This is a legitimate email from AMEB; you are under no obligation to subscribe.

Who is impacted?

1. Customers who purchased through the AMEB online shop between Tuesday, 1 November and Wednesday, 9 November 2022 may be impacted.

The information that may have been disclosed is your name, email, phone number, address and credit card information.   

If you made your purchase via PayPal or ZIP during this period, your payment credentials remain secure.  

Your date of birth has not been exposed, as this information is not stored in our AMEB online shop.  

 

2. Customers who purchased through the AMEB online shop between Wednesday, 12 October and Tuesday, 18 October may be impacted.

The information that may have been disclosed is your name, email, phone number, address and credit card information.   

If you made your purchase via PayPal or ZIP during this period, your payment credentials remain secure.  

Your date of birth has not been exposed, as this information is not stored in our AMEB online shop.

 

3. Customers who purchased through the AMEB online shop prior to Wednesday, 12 October may still be impacted.

The information that may have been disclosed is your name, email, phone number and address.   

The AMEB online shop does not store: credit card information, date of birth, or license information - this has not been exposed.

Who is secure?

The following websites and systems have not been compromised and remain secure. 

AMEB state websites:

  • Australian Capital Territory
  • New South Wales
  • Northern Territory
  • Queensland
  • South Australia
  • Tasmania
  • Victoria
  • Western Australia

Additional websites:

  • AMEB SCORE
  • AMEB Connect New South Wales
  • AMEB Connect Victoria
  • AMEB Queensland systems

What you can do.

  • If your credit card information has been exposed, contact your bank or credit card provider to advise that your credit card information may have been accessed during a recent transaction on the AMEB website.
  • Change your password for your email and AMEB shop accounts.
  • Look out for suspicious or unexpected activity across online accounts, including bank accounts. Report any fraudulent activity immediately to the related provider.
  • Look out for contact from scammers who may have personal information. This may include suspicious emails, texts, phone calls or messages on social media.
  • Never click on any links that look suspicious and never provide passwords, or any personal or financial information.
  • If people call posing as a credible organisation and request access to your computer, always say no.

AMEB will never contact customers requesting your passwords or other sensitive information. AMEB does not store any credit card numbers or financial information of its customers.

What AMEB is doing

Immediate action

When we identified the initial cyberattack, we immediately shut down our site, removed all malicious code and applied security patches. Once we did this, we understood the site to be secure.  

It is now clear that the initial cyberattack included a hidden pathway for the perpetrator/s to return to access the back end of ameb.edu.au/shop and stage a second attack.  

We have now taken additional steps to restrict system access, and our internal and external IT teams have confirmed that the site is safe. 

While this second breach is extremely disappointing, we will continue to act quickly and provide clear and transparent advice to affected customers.

Other AMEB online systems, including the online stores of our state-based operations and SCORE, remained secure. 

 

What are we doing to improve our cybersecurity?

We’re continuing to work with a range of external cybersecurity professionals to review all our internet security and virus protection systems.  We have also notified the Office of the Australian Information Commissioner (OAIC). 

We take customer privacy very seriously and will continue to work diligently to protect customers' personal information. 

Please read through our Privacy Policy and  FAQs below, and if you have any further queries, don't hesitate to contact our Federal Office. 


 

 

FAQs: Cybersecurity (updated 11 November 2022)

I made a purchase through the AMEB online shop (ameb.edu.au/shop) between November 1 - 9 using my credit card. What should I do?

We strongly recommend you contact your bank or credit card provider as soon as possible. Many banking apps also enable you to place a temporary block on your card. 

Advise your bank that your credit card information may have been accessed during a recent transaction on the AMEB website. Your bank should be able to assist you further to secure your account.

I made a purchase through the AMEB online shop (ameb.edu.au/shop) between November 1 - 9 using PayPal or Zip Pay. Is my financial information at risk?

No.

Customers who purchased using PayPal and Zip Pay during this time have not had their financial information exposed.

However, personal information and credit card details may have been disclosed, as the cyberattack also targeted our customer database.

I made a purchase through the AMEB online shop (ameb.edu.au/shop) between October 12 - 18 using my credit card. What should I do?

We strongly recommend you contact your bank or credit card provider as soon as possible. Many banking apps also enable you to place a temporary block on your card. 

Advise your bank that your credit card information may have been accessed during a recent transaction on the AMEB website. Your bank should be able to assist you further to secure your account.

I made a purchase through the AMEB online shop (ameb.edu.au/shop) between October 12 - 18 using PayPal or Zip Pay. Is my financial information at risk?

No.

Customers who purchased using PayPal and Zip Pay during this time have not had their financial information exposed.

However, personal information and credit card details may have been disclosed, as the cyberattack also targeted our customer database.

When did the cyberattack occur?

The checkout of the AMEB online shop was exposed from October 12 to October 18, 2022, and from November 1 to November 9, 2022. It is possible that our customer database was also compromised during this time. 

Has my personal information been disclosed?

Your personal information may have been exposed if you purchased through the AMEB online shop in the last five years.

What should I do now?

We strongly recommend heightening your awareness across your accounts through the following actions: 

  • If your credit card information has been exposed, contact your bank or credit card provider to advise that your credit card information may have been accessed during a recent transaction on the AMEB website.  
  • Change your password for your email and AMEB online shop accounts.  
  • Look out for any suspicious or unexpected activity across your online accounts, including your bank accounts. Make sure to report any fraudulent activity immediately to the related provider.  
  • Look out for scammers contacting you who may have your personal information. This may include suspicious emails, texts, phone calls or messages on social media.  
  • Never click on any links that look suspicious, and never provide your password or personal or financial information.
  • If people call posing as a credible organisation and request access to your computer, always say no.

How do I change my AMEB online shop password?

If you are logged into your account:

  • Click the My Account icon (located in the top right corner of the page), and the AMEB account dashboard will appear. 
  • Your name and email with the option to change your password will appear under Account Information.

If you are not logged into your account: you have 2 options.

 Option 1

  • Log in to your AMEB account by clicking on the My Account/Log-in icon (located in the top right corner) on the homepage.
  • Your AMEB account dashboard will appear.
  • Your name and email with the option to change your password will appear under Account Information.

 Option 2

  • Click on the "forgot password" link on the log-in portal to receive an email directing you to reset your password.

Who can help me protect my data in future?

You can find helpful advice at https://www.cyber.gov.au/

Why didn't your security systems identify this threat sooner?

The particular type of cyberattack we experienced was highly sophisticated and not widely seen yet.  

Security solutions (patches) to defend against this type of cyberattack have since been released by Adobe and applied to the AMEB online shop and website.  

What are we doing to prevent this from happening again?

Additional security solutions (patches) to defend against this type of attack have since been released by Adobe and applied by cybersecurity professionals to the AMEB online shop and website.  

Cybersecurity professionals have also applied added encryption software to the AMEB online shop and website. We have now taken additional steps to restrict system access. 

We are also implementing an additional layer of monitoring and we believe the site is safe. 

While this breach is extremely disappointing, we have acted quickly and provided clear and transparent advice to affected customers. 

If your online shop is now secure, can I make purchases?

Yes. The AMEB online shop is now secure.

If you are still concerned, we suggest paying by PayPal or Zip Pay for an additional layer of security.

I have purchased through AMEB Connect. Is my data at risk?

No.

AMEB state office online stores and websites, including AMEB Connect, are managed independently of the AMEB online shop.  

They have not been compromised and remain secure.

I'm booked into an AMEB exam — are any other AMEB systems impacted?

No — this attack specifically targeted www.ameb.edu.au/shop.  

Other AMEB online systems, including online enrolment systems, SCORE and other state-based websites and enrolment platforms, have not been compromised by this cyberattack and remain secure.

I purchased an online theory course. Is my data at risk?

No — this attack specifically targeted www.ameb.edu.au/shop.  

Other AMEB online systems, including online enrolment systems, SCORE and other state-based websites and enrolment platforms, have not been compromised by this cyberattack and remain secure.

Can you remove my personal information from your database?

Yes.

Don't hesitate to contact us at online@ameb.edu.au with your name and email. We will notify you when this has been completed.

Do you have my credit card details saved?

AMEB does not store customer credit card numbers or financial information.

Please read our Privacy Policy for more information.

Has this incident been reported to the relevant authorities?

AMEB is completing the Australian Privacy Principles set out in the Privacy Act 1988 regarding this cyberattack.

Please read our Privacy Policy for more information.

It's not good enough.

We are sincerely sorry this has occurred.  

We recognise this incident may be distressing for customers. Please be assured we take customer privacy very seriously and will continue to work diligently to protect customers' personal information. 

As recent headlines indicate, cybersecurity is a continual challenge for all businesses. We take every precaution to protect customer data and actively review our IT practices to prevent cyberattacks.


If you have questions about our Privacy Policy and practices, would like to provide feedback or would like to access or correct your personal information held by us, please Contact us.

For more information, please read our Privacy Policy.

Was this a scam email?

No.

The AMEB online shop was the target of a cyberattack. You will have received an email as an impacted customer. 

Depending on the timeframe of your purchase from the AMEB online shop, a combination of your personal and credit card information may have been exposed. 

We recognise this incident may be distressing for our customers.
