Nova Entertainment suffers data breach

National radio station operator Nova Entertainment has warned that a “legacy dataset” of information collected from listeners has been breached and “publicly disclosed”.

CEO Cathy O'Connor said in a statement that the data was collected between May 2009 and October 2011 and included personal and contact information and hashed passwords.

“We can confirm that no other information, including copies of identity documentation or financial information is contained in the dataset disclosed in this incident,” O’Connor said.

Nova did not say how the breach was uncovered nor when it took place, though it suggested the breached file was stored on otherwise dormant hardware.

“The disclosed dataset is a legacy dataset, and was compiled and stored on a system which is no longer used by Nova Entertainment,” it said in FAQs published on a dedicated website.

O’Connor said that the company had engaged “privacy, IT and cyber security consultants to understand the circumstances of the disclosure.”

“Our investigation is substantial and ongoing,” she said.

“We are taking all necessary measures to ensure the strength and effectiveness of our cyber security, and there is currently no evidence of any suspicious activity or threats on Nova Entertainment's systems.”

The company said it had notified the Office of the Australian Information Commissioner of the incident, as well as undisclosed “law enforcement bodies”.

Nova said that affected individuals - which Fairfax reported could number up to 250,000 - could access assistance and support from IDCARE.