Sarah Luke was one of the people whose data was breached in the Medibank hack last year, as well as in a PayPal hack a month later. She didn’t initially think too much of it — until a US court charged her with a whole host of crimes and told her she owed two companies almost $2 million in damages.
Nearly 10 million Medibank customers’ private data was compromised in the attack in October, and 200GB worth of personal information was dumped by hackers onto the dark web in November.
Sarah Luke, who lives in Byron Bay, was one of those affected. She didn’t think anything would happen to her though — until she received a notice of legal action in her inbox.
“I thought it was a scam, another hoax, and I deleted the first email,” she told ABC News.
“After subsequent emails, I realised, there’s something in this, this is real.
“The charges were cybersquatting, trademark infringement, IP infringement, things I don’t know anything about.”
Luke was charged in the United States with an array of offences after Adidas and the NBA took legal action against her. She was told she had to pay damages of USD$1.2 million (AUD$1.8 million) to them.
According to Luke, the drama began after the Medibank hack which exposed her data to the dark web in the October/November attack. Shortly after that, she says hackers took control of her PayPal account in a credential stuffing attack that affected 35,000 customers.
BTW, credential stuffing is essentially when hackers use automation or AI to try username and password combinations found in leaked data. It’s like a trial-and-error system.
Between December 6 and 8, Luke said hundreds of fraudulent transactions were made with her account — and then she was served with papers via email from the US District Court of Florida, which outlined the Adidas case against her. Aaaaand then again from the District Court of Illinois about a case filed by The NBA (National Basketball Association).
The courts allowed the companies to run their cases “ex parte” which basically means they don’t need the person they’re accusing to be present for the case.
According to the ABC, default judgements were handed down which awarded damages of USD$200,000 (AUD$293,000) to the NBA and USD$1 million (AUD$1.5 million) — which Sarah Luke is still expected to pay, six months later.
Luke, who is a single mum with four kids, has taken the matter to NSW Police, the Australian Consumer Complaints Authority, the Australian Financial Complaints Commission and the Australian Security Centre to no avail.
“I’ve come up against so many barriers trying to sort this out,” she said, per ABC News.
“I have felt unheard and unseen by so many organisations and parties.
“It just goes on and on and I don’t know where to go now — I don’t know who to turn to.”
Luke has hit up an intellectual property lawyer in the US (who comes with an initial engagement fee of $14,800) in an attempt to fix this, but she’s riddled with anxiety about what happens next.
“The anxiety that this causes, not knowing if they are going to come and take our house, can they freeze my assets, can they get access to my bank accounts?” she said.
“We just don’t know and it really is a case of guilty until I can prove otherwise.”
ABC News spoke to a bunch of legal experts, some of whom said the corporations who filed a complaint against Sarah Luke would need to lodge it with local courts if they want it enforced in Australia, since it’s a different jurisdiction.
However, even if they never actually pursue the money (this is common for brands who are just taking legal action to flex their big corporate muscles and scare off scammers), the case could still affect Luke if she ever wants to travel to the US.
Medibank denies Sarah Luke’s situation was a result of the 2022 hack — it told the ABC that her password wasn’t leaked in the breach, so therefore it believes it had nothing to do with it.
The Department of Home Affairs told the ABC it would offer to refer Luke’s case to the AFP.
The post An Aussie Woman Who Was The Victim Of 2 Data Breaches Has Been Told She Owes Adidas & NBA $1.8M appeared first on PEDESTRIAN.TV .