CyberWatch: Australia

Insight on how cyber risk is being mitigated and managed in Australia and across the globe.

 

1
Australia’s international cyber strategy pivots towards critical technology in neighboring countries
2
Even the Best Fall Down Sometimes: Nine Network suffers large-scale cyber attack
3
No News is Bad News! Big digital platforms flex their influence to no avail.
4
City of Oldsmar, Florida narrowly avoids ‘hot water’ in remote cyberattack on its infrastructure
5
A Home Affair: Department of Home Affairs ordered to compensate Asylum Seekers following inadvertent disclosure
6
Less than two weeks to go: New Zealand Privacy Act commences 1 December 2020
7
Leaky Port: City of Port Phillip Inadvertently Discloses Personal Information on Federal Government Website
8
Australian Privacy Act Under Review
9
Continuing to take its Toll: Toll Group still feeling impacts nine months after experiencing Ransomware Attack
10
Therapy clients become targets of blackmail campaign

Australia’s international cyber strategy pivots towards critical technology in neighboring countries

By Cameron Abbott, Michelle Aggromito, Jacqueline Patishman and Emily Gamaroff

In a bid to maintain stability in the Indo-Pacific region, Australia has pledged $37.5 million to bolster the security and development of critical technology in neighboring countries as part of its updated International Cyber Engagement Strategy. The funding aims to promote the resilience of critical technologies in Southeast Asia and to support Australia’s Pacific neighbours by improving online safety, counter misinformation and to fight cybercrime.

Read More

Even the Best Fall Down Sometimes: Nine Network suffers large-scale cyber attack

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

Channel Nine has suffered the largest cyber attack on a media company in Australia’s history, according to reports from IT News, the AFR and Nine News.

The cyber attack, reported by Channel Nine as a variation of a ransomware attack, struck early Sunday morning, resulting in television and digital production systems being offline for more than 24 hours. The attack impaired Channel Nine’s ability to broadcast from its Sydney studios, forcing the media outlet to shift operations to its Melbourne studios.

Read More

No News is Bad News! Big digital platforms flex their influence to no avail.

By Cameron Abbott, Michelle Aggromito and Jacqueline Patishman

After severe criticism from the Australian government and others, Facebook has reversed its initial response to the controversial news media code of banning all Australian news on its platform, now stating that news and key pages concerning public health and government will be restored (although it has not provided a deadline for when this will occur).

Read More

City of Oldsmar, Florida narrowly avoids ‘hot water’ in remote cyberattack on its infrastructure

By Cameron AbbottRob Pulham and Jacqueline Patishman

News reports have surfaced reporting that a hacker in the US gained access to the Oldsmar’s water treatment plant system in an attempt to release a corrosive chemical into the Oldsmar’s water supply.

Read More

A Home Affair: Department of Home Affairs ordered to compensate Asylum Seekers following inadvertent disclosure

By Cameron Abbott, Warwick Andersen, Michelle Aggromito and Max Evans

As a result of a recent class action, the Department of Home Affairs has been ordered by the Australian Information Commissioner, Angelene Falk, to pay compensation to asylum seekers after the Department was found to have interfered with the privacy of 9,251 detainees.

According to a media release from the Office of the Australian Information Commissioner (OAIC) , the relevant breach stemmed from February 2014, where the Department published on its website a “Detention Report”, which had embedded within it a Microsoft Excel spreadsheet containing the personal information (including full names, date of birth and period of immigration detention) of 9,258 individuals who were in immigration detention at that time.

Read More

Less than two weeks to go: New Zealand Privacy Act commences 1 December 2020

By Cameron Abbott and Keely O’Dowd

On 1 December 2020, the New Zealand Privacy Act 2020 will come into operation and repeal and replace the Privacy Act 1993.

The Privacy Act 2020 modernises New Zealand’s privacy laws and seeks to keep pace with international standards and technology. While New Zealand’s new privacy legislation is not as onerous as other international privacy laws, such as the GDPR, it still introduces significant changes including:

  • mandatory data breach notification;
  • new investigative and regulatory powers for the New Zealand Privacy Commissioner; and
  • new criminal offences and penalties, including fines of up to $10,000.
Read More

Leaky Port: City of Port Phillip Inadvertently Discloses Personal Information on Federal Government Website

By Cameron Abbott, Warwick Andersen and Max Evans

The City of Port Phillip Council has accidentally published to data.gov.au personal information of an unknown number of residents who had reported graffiti, according to an article from ITNews supported by a statement released by the council.

According to the statement, during work to automate the generation of a graffiti dataset, an incorrect version was selected which led to the unapproved publication of personal information such as names, phone numbers and/or email addresses of the persons who reported graffiti to the council. As the article notes, of the approximately 764 email addresses and 859 phone numbers that were published, 53% of the email addresses belonged to businesses and 28% of the phone numbers were for landlines and 1300 numbers.

Read More

Australian Privacy Act Under Review

By Cameron Abbott, Rob Pulham and Keely O’Dowd

In December 2019, the Australian Government announced it would conduct a review of the Privacy Act 1988 (Cth).

A year has almost passed and finally the Australian Government has publicly released details about the review. On 30 October 2020, the Australian Government released the Terms of Reference of the review. In particular, the review will cover:

  • The scope and application of the Privacy Act
  • Whether the Privacy Act effectively protects personal information and provides a practical and proportionate framework for promoting good privacy practices
  • Whether individuals should have direct rights of action to enforce privacy obligations under the Privacy Act
  • Whether a statutory tort for serious invasions of privacy should be introduced into Australian law
  • The impact of the notifiable data breach scheme and its effectiveness in meeting its objectives
  • The effectiveness of enforcement powers and mechanisms under the Privacy Act and how they interact with other Commonwealth regulatory frameworks
  • The desirability and feasibility of an independent certification scheme to monitor and demonstrate compliance with Australian privacy laws.
Read More

Continuing to take its Toll: Toll Group still feeling impacts nine months after experiencing Ransomware Attack

By Cameron Abbott, Keely O’Dowd and Max Evans

Back in February, we blogged about the large scale ransomware attack experienced by Toll Group.

IT News reports Toll is still “mopping up” the damage caused by these attacks. Since July, Toll has embarked on a year-long accelerated cyber resilience program incorporating teams in India and Australia which led to the appointment of former Telstra Asia Pacific CISO Berin Lautenbach as Toll’s global head of information security in August.

Read More

Therapy clients become targets of blackmail campaign

By Cameron Abbott and Keely O’Dowd

Patients of a Finnish psychotherapy centre have become the victims of a blackmail campaign after the centre suffered a data breach. It is reported, the centre’s data was stolen during two attacks, one occurring in November 2018 and the other between the end of November 2018 and March 2019.

A cyber criminal (or criminals) has used the stolen data to contact patients demanding the payment of 200 euros in bitcoin, with this amount increasing to 500 euros if the patient refused to pay within 24 hours. If a patient refused to pay the ransom, the cyber criminal threatened to publish their personal information, including notes from therapy sessions. Around 300 records have been published on the dark web, which suggests patients are refusing to pay the ransom. The centre also received a ransom demand of 500,000 euros for the return of their data, which it has refused to pay.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.