Cyber Incident Victim: Australian Institute of Company Directors

On October 24, 2022, the Australian Institute of Company Directors (AIDC) hosted an online conference via LinkedIn Live to launch its new "cybersecurity governance principles." The event featured prominent participants, including Federal Minister Clare O’Neil and Cyber Security Cooperative Research Centre CEO Rachael Falk, reflecting heightened interest in cybersecurity following recent high-profile breaches at Optus and Medibank Private. The conference was scheduled to begin at 1:00 PM but failed to launch on time, leaving thousands of attendees unable to access the livestream. During the delay, an unauthorized user exploited LinkedIn’s chat function to post a fraudulent Eventbrite link prompting participants to enter credit card details. AIDC issued urgent warnings through the chat, advising users not to interact with any links. Attendees reported mounting frustration in the chat as the event remained inaccessible.

Approximately 30 minutes after the scheduled start time, a deceptive link mimicking an official AICD URL appeared in the chat, which some users attempted to use despite prior warnings. These attempts failed, compounding user complaints. AIDC subsequently canceled the event entirely. CEO Mark Rigotti acknowledged the incident that evening, stating it was unclear whether any credit card information had been compromised and urging affected individuals to contact their card issuers. He issued a public apology, admitting the event’s technical and security failures fell below the organization’s standards and member expectations. The breach disrupted a high-profile initiative intended to bolster cybersecurity governance credibility, compounding reputational damage amid Australia’s ongoing cybersecurity crisis. No additional technical details about the attack vector, perpetrator identity, or long-term corrective actions were disclosed in initial statements.