Archive: August 2019

1
Sorry Sir, Our Data Breach Response Plan is Out of Stock
2
Trending: Security as a service
3
You can be anonymised, but you can’t hide
4
A Different Immune System: TGA provides Insight into Cyber Security for Medical Devices

Sorry Sir, Our Data Breach Response Plan is Out of Stock

By Cameron Abbott, Michelle Aggromito and Max Evans

We are living in an era of online shopping, where consumers are more willing to hand over personal information for goods and services, and are less suspicious of whom they are divulging their personal information to. As a result, online businesses are in possession of a vast amount of their customers’ personal information. The recent hack of Sneaker Platform Stock-X reminds us yet again of the importance of businesses maintaining comprehensive and up to date security processes, and in particular, the necessity of having an adequate data breach response plan in place.

Stock-X, a platform for the re-sale of sneakers and apparel, was recently hacked, exposing over six million users’ personal data, including their real name, username, password, shoe size and trading currency. According to a Report by TechCrunch, Stock-X’s initial response was to reset customer passwords, stating that it was due to system updates. A spokesperson for Stock-X later disclosed to TechCruch that Stock-X was alerted to “suspicious activity”. TechCrunch reports; however, an unnamed data breach seller had contacted it claiming more than 6.8 million records were stolen from Stock-X in May, and that the records had been put up for sale and sold on the dark web for $300.

Read More

Trending: Security as a service

By Cameron Abbott and Karla Hodgson

Remember the time when you first heard about cloud computing and it took you a few moments of quiet contemplation before you wrapped your head around the concept of computing being situated “up there”?  Of course today we aren’t surprised to learn that over 80% of enterprise workloads will be in the cloud by next year and that a new wave of cloud-based security as a service (SECaaS) solutions are rolling in to address the forecasted USD $5.2 trillion per year in cybercrime damage that is expected to impact within the next 5 years.

Based on the software as a service (SaaS) model, SECaaS is a cloud-based managed security service that removes the need for businesses to buy and continually upgrade on-premises hardware and software and keep staff upskilled in the ever-shifting world of cybersecurity risk and protection.

Read More

You can be anonymised, but you can’t hide

By Cameron Abbott, Michelle Aggromito and Karla Hodgson

If you think there is safety in numbers when it comes to the privacy of your personal information, think again. A recent study in Nature Communications found that, given a large enough dataset, anonymised personal information is only an algorithm away from being re-identified.

Anonymised data refers to data that has been stripped of any identifiable information, such as a name or email address. Under many privacy laws, anonymising data allows organisations and public bodies to use and share information without infringing an individual’s privacy, or having to obtain necessary authorisations or consents to do so.

But what happens when that anonymised data is combined with other data sets?

Read More

A Different Immune System: TGA provides Insight into Cyber Security for Medical Devices

By Cameron Abbott, Michelle Aggromito and Max Evans

The Australian Therapeutic Goods Administration (TGA) has published its guidance framework dealing with medical device cyber security for manufacturers and sponsors of medical devices, as well as for consumers, health professionals and other users. This is driven by a number of challenges that regulators face to protect users against cyber security risks, including the alteration of device function, loss to privacy and the alteration of personal health data.

The crux of the framework is based on the TGA view that knowledge is power, in that patients using connected medical devices should be informed about the potential cyber security risks those devices have, and take proactive measures to protect their devices and networks.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.