Archive: February 2016

1
It’s official and, it’s personal – Gemalto’s 2015 results reveal scary cybercrime stats
2
Apple sends passionate message to customers following court order to hack iPhone
3
Gone in a ‘Flash’ – Google ditches Adobe for HTML5
4
Hold the phone…is “metadata” personal information? Who knows?
5
Privacy concerns over Westfield’s ticketless parking system
6
‘EU-US Privacy Shield’ agreed for trans-Atlantic data flow
7
Scary statistics reveal 39,000 reported cybercrime incidents in 2015

It’s official and, it’s personal – Gemalto’s 2015 results reveal scary cybercrime stats

By Cameron Abbott and Meg Aitken

Never mind your credit card details, let’s worry about cybercriminals stealing your identity.

The latest Breach Level Index released by Gemalto has revealed that identity theft was the primary target of hackers in 2015, with stolen personal information accounting for 53% of all data breaches.

It’s a worry, you see, because while your credit card has inbuilt security defences and merchant protection mechanisms, your valuable personal information is probably stored in multiple locations, across a number of interfaces, in a variety of forms, exposing it to substantial risk of theft.

Not only is the massive volume of personal information that is available to be stolen a cause for alarm, but what cybercriminals can potentially do with that information is the major concern.

So who is to blame? Well, malicious outsiders were the leading source of data breaches in 2015, accounting for 58%, accidental loss of data was next and then came malicious insiders, who accounted for 14% of all data breaches.

Clearly, companies need to recognise that today’s cyber environment demands robust security strategies that not only protect networks from external attacks and accidental data loss, but also keep an eye on insiders too.

To secure against a data breach, Gemalto recommends that organisations commit to the encryption of all sensitive information, secure storage and management of data and encryption keys, and controlled access and authentication of users.

Access the Gemalto 2015 Breach Level Index Report here.

Apple sends passionate message to customers following court order to hack iPhone

By Cameron Abbott and Meg Aitken

A US District Court has ordered Apple to assist US law enforcement agents to bypass the security features, disable the auto-erase function and ultimately access the data contained within an iPhone 5C that was used by one of the San Bernardino shooters, Syed Rizwan Farook.

Apple’s CEO Tim Cook responded to the order with an open letter to customers discussing the privacy and security implications of the order and calling for public discussion on the issue.

Read Apple’s Customer Letter here.

Access the Court Order here.

Gone in a ‘Flash’ – Google ditches Adobe for HTML5

By Cameron Abbott and Meg Aitken

Google has recently announced a plan to shift away from displaying ads built using Adobe Flash Player, instead opting for the HTML5 platform.

While the Adobe Flash plug-in technology has arguably been the premier tool for producing interactive media and animated video displays for some time, it has been criticised for employing inadequate security controls, leaving it susceptible to attacks by malware hackers.

Even Adobe itself is aware of the superior capabilities of HTML5. Adobe attempted to respond to the shift away from plug-in technology last year by rebranding the Flash Player and launching the ‘Animate CC’, which was touted as “Adobe’s premier web animation tool for developing HTML5 content while continuing to support the creation of Flash content”.

Google’s not sold, and has been blogging to encourage advertisers to convert their Flash Player ads HTML5 in order to influence a wider audience for some time, even providing ‘how to guides‘. From 30 June 2016, Google will no longer allow advertisers to upload new display ads built using Adobe Flash, and from January 2017, all ads built in the Adobe Flash format will not be supported by Google.

Access Google’s update here.

Privacy concerns over Westfield’s ticketless parking system

By Cameron Abbott, Meg Aitken and Shirley Chen

Westfield has sidelined the SMS feature of its ticketless parking system this week due to concerns it breached Australian privacy laws.

Westfield’s newfangled ticketless parking system attempted to make parking quicker and easier for shoppers by scanning car number plates on entry and exit of their carparks, and sending an SMS notification to registered parkers recording their entry time and an alert message when their free parking time was nearly up. To register for the service, users were merely required to provide a name, license plate number and phone number (with no verification).

Privacy experts raised the alarm that any person could register false details and track another person’s physical location via the SMS notifications. This was a particular worry for those in domestic violence situations and could also potentially enable stalking or thieves to determine when homeowners had left their houses. The feature’s Terms and Conditions failed to address any of these issues.

The SMS service is currently suspended as internal investigations are conducted, though the rest of the ticketless parking system and app continue to operate.

Learn more about the ticketless parking system here.

Read the ITNews report on the issue here.

 

‘EU-US Privacy Shield’ agreed for trans-Atlantic data flow

By Cameron Abbott and Meg Aitken

A new trans-Atlantic data transfer framework has been agreed between the European Commission and the United States this week. Known as the ‘EU-US Privacy Shield’, the new arrangement is intended to offer greater legal certainty for businesses and afford EU citizens increased protection when their data is transferred across the Atlantic to the US.

The new regulations will replace the US-EU Safe Harbor framework, which was invalidated by the European Court of Justice last October on the basis that the generalised access that public authorities had to the data and content of electronic communications violated fundamental privacy rights. Read our earlier blog post on the Safe Harbour decision here.

The key features of the new EU-US Privacy Shield are:

  • Stronger obligations on US companies to protect the personal data of EU citizens
  • More robust enforcement powers granted to both EU and US regulators, including greater monitoring and prosecution by the US Department of Commence and Federal Trade Commission (FTC)
  • Clearer conditions, limitations, redress avenues and safeguards for data transferred across the Atlantic
  • Expanded obligations for US companies to prove compliance
  • Several new avenues for EU citizens to lodge complaints about data misuse, including the establishment of a new independent privacy Ombudsman

The new Privacy Shield is still awaiting final approval from the College of Commissioners and will be subject to further review by the Article 29 Working Party before it is introduced. Much of the detail has not been released, so while the principles have been articulated, the impact on the obligations of affected companies is still far from clear.

Read the European Commission press release here for further details.

Our US and EU colleagues have drafted a more detail description which can be accessed here for further information.

Scary statistics reveal 39,000 reported cybercrime incidents in 2015

By Cameron Abbott and Meg Aitken

Following its launch in November 2014, the Australian Cyber Online Reporting Network (ACORN) has revealed it fielded 39,000 reports of cybercrime from individuals and organisations in 2015. Fraud was the most commonly reported cybercrime, with 19,232 reports being made to ACORN last year.

Prominent data analytics group and credit bureau, Veda revealed similarly worrying statistics in the Veda 2015 Cybercrime and Fraud Report, noting that in 2015, 1 in 4 Australians reported being a victim of identity theft at some stage, up 7% from 2014. The report also suggests that Australians are becoming increasingly concerned about the risk of cybercrime and identity theft.

Veda has projected that 2016 will see even greater numbers of cybercrime attacks on individuals, firms and government agencies as the ‘Internet of Things’ further develops, reliance on social media grows and a profound amount of personal information and data continues to be collected.

Read the ACORN quarterly statistics reports here.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.