Category: Breaches

1
You’ve got mail…and lots of it according to the latest OAIC report!
2
Toll’d You So: Cyber Security Incident Cripples Toll’s Supply Lines, Causes Customer Backlash
3
Taking its Toll: Toll Shuts Down IT Systems Citing Cyber-Security Incident
4
“Totally Clueless”: Dating app Grindr reported for breach of privacy rules
5
You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook
6
Double-Edged Sword: Cambridge Analytica Whistle-Blower exposes the dual nature of Technology
7
Lead the Way: Liechtenstein and Bavarian Data Protection Authorities Publish Guidance on Data Access and Security
8
Could your ERP system make you a victim of cybercrime?
9
Insufficiency meets Punishment: Polish DPA issues largest fine for Insufficient Security and Organisational Measures
10
Update on the Criminalisation of Non-Consensual Distribution of Intimate Images in WA: Another Conviction in Australia

You’ve got mail…and lots of it according to the latest OAIC report!

By Cameron Abbott and Michelle Aggromito

With email being one of the most common forms of communication, it’s not surprising that inboxes these days accumulate thousands of emails that, perhaps, aren’t always electronically filed or deleted (not ours of course).

As the Office of the Australian Information Commissioner (OAIC) has indicated in its most recent report on notifications received under the Notifiable Data Breach (NBD) scheme, email accounts are frequently being used for storage, and this raises inherent risk. Yes it’s convenient, but using email to send personal information, such as copies of passports, bank account details and credit card information, can very quickly lose its appeal. If the email account is accessed by a malicious actor through a phishing attack or a rogue employee, the end result can be exploitation of that information for criminal gain.

Read More

Toll’d You So: Cyber Security Incident Cripples Toll’s Supply Lines, Causes Customer Backlash

By Cameron Abbott, Warwick Andersen and Max Evans

Further information surrounding the specific details and extent of the security breach suffered by transport and logistics network Toll, which we previously blogged in respect of, have been revealed by the Australian Financial Review.

The crippling ransomware attack, known now as “Mailto” or “Kazakavkovkiz” caused Toll to suspend many of its delivery and tracking systems with a Toll spokesperson indicating that the company needed to suspend up to 500 applications that supported its operations across 25 countries worldwide. In Australia, entities such as Nike, Optus, and Telstra were forced to address a multitude of customer complaints arising out of packages affected by the relevant cyber attack.

Read More

Taking its Toll: Toll Shuts Down IT Systems Citing Cyber-Security Incident

By Cameron Abbott, Max Evans and Florence Fermanis

We have our first large scale data breach of the decade. Toll, a transport and logistics network which delivers up to 95 million items globally every year, has temporarily shut down a number of its IT systems as a precautionary measure after suffering a cyber-security breach on Friday, according to an article by the SMH.

A spokesperson has indicated that Toll has cybersecurity experts working closely with their IT team on the breach, and is taking careful internal measures so that systems can be brought back up online in a “controlled and secured manner”. Additionally, Toll has initiated business continuity plans to minimise the disturbance brought on by the breach. While any official numbers of affected customers and the exact nature and extent of the breach have not yet been released by Toll, The Register has reported that the breach has reportedly affected customers in Australia, India and the Philippines.

Read More

“Totally Clueless”: Dating app Grindr reported for breach of privacy rules

By Cameron Abbott, Max Evans and Florence Fermanis

Dating apps, for many young people, are a fact of life. Meeting someone these days in real-life rather than through a simple swipe right appears to have become the exception, belonging more to any number of 90s teen “romcoms” than it does to real life.

According to an article by Reuters however, in recent times dating app Grindr has been the subject of a complaint by the Norwegian Consumer Council (NCC) in relation to a breach of privacy rules as set out in the European Union’s General Data Protection Regulation, implemented in 2018.

Read More

You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook

By Cameron Abbott, Max Evans and James Gray

A US federal judge has ruled that the 29 million Facebook users affected by the September 2018 data breach may not seek damages as a remedy, but can only pursue the enforcement of better security practices at Facebook, according to a report by Reuters. Judge Alsup of the US District Court stated that Facebook’s repetitive losses of users’ privacy indicated a long-term need for supervision, which comes in addition to prior judgment which indicated that Facebook’s views about user’s privacy expectations were “so wrong”.

Read More

Double-Edged Sword: Cambridge Analytica Whistle-Blower exposes the dual nature of Technology

By Cameron Abbott, Max Evans and James Gray

In his cautionary tale, 1984, author George Orwell spoke of a paradigm where the unregulated use of powerful technology, referred to as “telescreens”, manifested a society beholden to the ethics of the controller. This paradigm is perhaps more real than ever, according to an article by Reuters

By exploring the views of Cambridge Analytica whistle-blower Christopher Wylie, the article advises that the deep, multifaceted involvement of big tech companies in consumers’ lives, the ultimate dependence that arises from such involvement and the overwhelming vulnerability of such consumers renders tech companies “too big to fail”. Wylie argues that the vast imbalance of power and information in favour of these companies over users is resulting in a constant scrambling by regulators to control the rapid adoption of such technology forms.

Read More

Lead the Way: Liechtenstein and Bavarian Data Protection Authorities Publish Guidance on Data Access and Security

By Cameron Abbott and Max Evans

Drawing on the requirements imposed in respect of privacy and data protection by the General Data Protection Regulation, Liechtenstein and Bavaria have published some useful guidance on several key elements of the relevant regulation.

Read More

Could your ERP system make you a victim of cybercrime?

By Cameron Abbott and Allison Wallace

We frequently blog here about incidents where companies, government agencies or public have suffered data or security breaches at the hands of hackers. They’re often incidents that come to light because they affect the public in some way – by shutting down hospitals, exposing sensitive personal information, or threatening government security. But what about hacks that, while not having wide-reaching public implications, go to the core of a business’ operations?

Read More

Insufficiency meets Punishment: Polish DPA issues largest fine for Insufficient Security and Organisational Measures

By Cameron Abbott and Max Evans

Further to the Facebook and Tesco scandals, and the apparent statistic increase of enforcement fines issued, the Polish Data Protection Authority has issued a landmark fine of €645,000 against online retail company morele.net for insufficient security and organisational measures violating data confidentiality and integrity principles prescribed in the EU’s General Data Protection Regulation.

Read More

Update on the Criminalisation of Non-Consensual Distribution of Intimate Images in WA: Another Conviction in Australia

By Olivia O’Brien, Philip Murray and Kathleen Weston

Just a few months ago, we published an article on the criminalisation of the non-consensual distribution of intimate images in Western Australia. Only this week, there has been a second successful conviction under the Criminal Law Amendment (Intimate Images) Act 2018 (WA) (WA Act) in the Rockingham Magistrate’s Court.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.