CyberWatch: Australia

Insight on how cyber risk is being mitigated and managed in Australia and across the globe.

 

1
New Decade, New Facebook? Facebook Reaches $550 Million Settlement in Facial Recognition Class Action, Agrees to Upgrade Privacy Safeguards
2
You’ve Got (Junk) Mail: Optus Slammed with $504k Fine For Spam Law Breach
3
Don’t let coronavirus get your system infected
4
Taking its Toll: Toll Shuts Down IT Systems Citing Cyber-Security Incident
5
Post-Brexit data protection – where are we now?
6
“Totally Clueless”: Dating app Grindr reported for breach of privacy rules
7
Pushing for Gold: Organisers of the Tokyo 2020 Olympics adopting Facial Recognition Technology and Robotics to Ensure Peak (Security) Performance
8
Poker Face: Problem Gamblers Being Identified through Facial Recognition Technology
9
You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook
10
A JEDI Uses the Force for Knowledge and Defense: The Pentagon awards US$10billion JEDI cloud deal to Microsoft

New Decade, New Facebook? Facebook Reaches $550 Million Settlement in Facial Recognition Class Action, Agrees to Upgrade Privacy Safeguards

By Cameron Abbott, Max Evans and Florence Fermanis

Facebook is in the news again, but this time it’s not for the Cambridge Analytica scandal that took over our screens in 2019. Facebook has agreed to pay $550 Million USD to settle a class action which claimed that it had collected and stored biometric information belonging to millions of users without their consent, according to reports by Reuters and TechXplore.

According to the reports, the relevant users alleged that Facebook illegally collected biometric data through its ‘Tag Suggestions’ feature, which allowed users to recognise Facebook friends from uploaded photographs.

Read More

You’ve Got (Junk) Mail: Optus Slammed with $504k Fine For Spam Law Breach

By Cameron Abbott, Max Evans and Florence Fermanis

Optus has been fined $504,000 by the Australian Communications and Media Authority (ACMA) for breaching spam laws, according to articles by the ABC and the SMH. The fine is the second largest in ACMA’s history to be awarded, being just $6,000 shy of the $510,000 fine which was slapped on Telstra in 2014 for missing service standards for urban landline connections.

Despite customers notifying Optus of their wish to opt-out or unsubscribe from such messages, an ACMA investigation found that customers still received the relevant messages, resulting in more than 2 million breaches to the Spam Act 2003 (Cth). Rather than a ‘one-off’ issue, it was found that Optus had systemic deficiencies with their compliance procedures and governance.

Read More

Don’t let coronavirus get your system infected

By Cameron Abbott and Allison Wallace

You’ve all likely seen various news reports and online posts about the coronavirus epidemic – you may have even received email alerts on how you can protect yourself from being infected.

It turns out cyber criminals are using our curiosity to bait us with fake documents purporting to inform us about coronavirus while actually infecting our systems with malware.

Read More

Taking its Toll: Toll Shuts Down IT Systems Citing Cyber-Security Incident

By Cameron Abbott, Max Evans and Florence Fermanis

We have our first large scale data breach of the decade. Toll, a transport and logistics network which delivers up to 95 million items globally every year, has temporarily shut down a number of its IT systems as a precautionary measure after suffering a cyber-security breach on Friday, according to an article by the SMH.

A spokesperson has indicated that Toll has cybersecurity experts working closely with their IT team on the breach, and is taking careful internal measures so that systems can be brought back up online in a “controlled and secured manner”. Additionally, Toll has initiated business continuity plans to minimise the disturbance brought on by the breach. While any official numbers of affected customers and the exact nature and extent of the breach have not yet been released by Toll, The Register has reported that the breach has reportedly affected customers in Australia, India and the Philippines.

Read More

Post-Brexit data protection – where are we now?

By Cameron Abbott and Michelle Aggromito

After years of political squabble and delays, Brexit day finally arrived on 31 January 2020. But what does it mean when we talk about the UK’s withdrawal from the EU and how will data protection regulation and compliance change?

There will be little change during the transition (also known as “implementation”) period that is expected to end on 31 December 2020. During this period, EU law will continue to apply in the UK, including the EU General Data Protection Regulation (GDPR), after which the GDPR will be converted into UK law.

Read More

“Totally Clueless”: Dating app Grindr reported for breach of privacy rules

By Cameron Abbott, Max Evans and Florence Fermanis

Dating apps, for many young people, are a fact of life. Meeting someone these days in real-life rather than through a simple swipe right appears to have become the exception, belonging more to any number of 90s teen “romcoms” than it does to real life.

According to an article by Reuters however, in recent times dating app Grindr has been the subject of a complaint by the Norwegian Consumer Council (NCC) in relation to a breach of privacy rules as set out in the European Union’s General Data Protection Regulation, implemented in 2018.

Read More

Pushing for Gold: Organisers of the Tokyo 2020 Olympics adopting Facial Recognition Technology and Robotics to Ensure Peak (Security) Performance

By Cameron Abbott, Max Evans and James Gray

It seems that Facial Recognition Technology (FRT) is the flavour of the month. Recently, we blogged about the adoption of FRT in the SkyCity Adelaide Casino to identify barred gamblers, which comes following the commencement of Perth’s 12 month trial of FRT conducted in co-operation with law enforcement agencies. However, on an international stage, organisers of the 2020 Tokyo Olympics have begun testing of FRT access systems to boost security, according to a Report by the Australian Financial Review.

Read More

Poker Face: Problem Gamblers Being Identified through Facial Recognition Technology

By Cameron Abbott, Max Evans and James Gray

Facial Recognition Technology (FRT) is being used by the popular SkyCity Adelaide Casino to detect barred gamblers, according to a report by Adelaide Now.

The FRT is capable of identifying even those attempting to conceal their identities with hats and sunglasses, with one staff member detected by her smile. According to the report, casino staff escorted barred gamblers off premises following identification using the FRT, before asking the relevant gambler whether they are in contact with their counsellors. The report states that detected problem gamblers were almost always appreciative of staff’s intervention.

Read More

You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook

By Cameron Abbott, Max Evans and James Gray

A US federal judge has ruled that the 29 million Facebook users affected by the September 2018 data breach may not seek damages as a remedy, but can only pursue the enforcement of better security practices at Facebook, according to a report by Reuters. Judge Alsup of the US District Court stated that Facebook’s repetitive losses of users’ privacy indicated a long-term need for supervision, which comes in addition to prior judgment which indicated that Facebook’s views about user’s privacy expectations were “so wrong”.

Read More

A JEDI Uses the Force for Knowledge and Defense: The Pentagon awards US$10billion JEDI cloud deal to Microsoft

By Cameron Abbott and Tan Xin Ya

In October, the US Department of Defence (DoD) awarded the Joint Enterprise Defence Infrastructure (JEDI) contract to Microsoft to overhaul its IT infrastructure – a huge show of confidence in infrastructure as a service (IaaS).

The DoD’s award of the 10-year, $10 billion JEDI contract to Microsoft is an endorsement of the secure nature of Azure, Microsoft’s cloud computing service. Under this deal, Microsoft’s task is to create a globally responsive network and monitor ongoing issues such as bugs and breaches. Part of the deal involves moving sensitive data, including classified mission operations, to Microsoft Azure. The system must be fortified with robust cyber security and encryption as Microsoft bears the important responsibility for the defence of the US.

The DoD’s decision to move to the cloud is a clear signal that IaaS has come of age, considering when such a security sensitive operation is able to use the service.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.