noodls browser compatibility check

The security settings of your browser are blocking the execution of scripts.

To use noodls, javascript support must be enabled. Please change your browser's security settings to enable javascript.

If you have changed your browser's security settings, you can click here.

related announcements

News

Children's National Medical Center[...]

Leucovorin, FRAT testing and autism - Children's National
Children's National Medical Center[...]

Understanding autism beyond the headlines - Children's National
Boston University

BU Men’s and Women’s Cross Country Heading to Patriot League[...]

International News

OAIC - Office of the Australian Information Commissioner

10/29/2025 | Press release | Distributed by Public on 10/28/2025 20:28

Vinomofo did not protect personal information from security risks, Privacy Commissioner finds

Published: 29 October 2025

Privacy Commissioner Carly Kind has found online wine wholesaler Vinomofo Pty Ltd interfered with the privacy of almost a million individuals by failing to take reasonable steps to protect the personal information it held from security risks which ultimately led to a data breach.

This represented a breach of its obligations under Australian Privacy Principle 11.1 of the Privacy Act, the Privacy Commissioner's determination stated.

The Privacy Commissioner observed that Vinomofo's culture and business posture failed to value or nurture attention to customer privacy, as exemplified by failures regarding its policies and procedures, training, and cultural approach to privacy, in concluding Vinomofo contravened the Privacy Act.

In 2022 Vinomofo experienced a data breach that occurred amid a large data migration project. The data breach resulted in unauthorised access to its customers' personal information. At the time of the Incident, the database held approximately 17GB of data, which included the personal information of approximately 928,760 individuals (customers and members) comprising identity information such as gender and data of birth, contact information and financial information.

Commissioner Kind said the determination provides a clear application of APP 11.1 in the context of data migration projects, and in particular speaks to entities' obligations when using cloud infrastructure providers to house personal information.

The Commissioner concluded that the totality of steps taken by the respondent were not reasonable in the circumstances to protect the personal information it held from misuse, interference and loss and unauthorised access, modification or disclosure.

"The respondent was aware of the deficiencies in its security governance and that it needed to uplift its security posture at least 2 years prior to the Incident," Commissioner Kind said.

The Commissioner made a number of declarations stating the respondent must not repeat or continue certain acts and practices.

The full determination can be accessed on Austlii.

OAIC - Office of the Australian Information Commissioner published this content on October 29, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on October 29, 2025 at 02:29 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at [email protected]

Back

View original format