Catagory:Breaches

1
Argentina announces upgrades to data protection obligations
2
The Importance of Managing DSARs
3
Uber found to have breached Australian’s privacy following 2016 hack
4
To pay or not to pay the ransom? Organisations may find their decision easier with government guidance
5
REvil strikes again – ransomware attack on UnitingCare Queensland
6
Other Australian companies attacked by the same ransomware attack on the JBS meat processing company
7
Ransomware attack on the world’s largest meatpacking company JBS
8
Another attack on critical infrastructure – New York’s subway hacked
9
Even the Best Fall Down Sometimes: Nine Network suffers large-scale cyber attack
10
City of Oldsmar, Florida narrowly avoids ‘hot water’ in remote cyberattack on its infrastructure

Argentina announces upgrades to data protection obligations

By Cameron Abbott, Stephanie Mayhew and Dadar Ahmadi-Pirshahid

Argentina’s Data Protection Authority, the Agency for Access to Public Information (the Agency), has published a draft bill that proposes to bring Argentina’s 22 year old data protection law more in line with the European Union’s General Data Protection Regulation.

Amongst other things, the bill modernises Argentina’s data protection law to deal with more recent issues including cloud computing, biometric and genetic data. It provides greater scope for international transfers of information by allowing transfers under the sanction of adequate data protection guarantees in the absence of a decision by the Agency that the importing country has adequate data protection. It additionally requires Data Controllers to document and notify the Agency of data breaches within 48 hours of becoming aware of a breach.

The draft bill is open for public comment until 30 September 2022. Any entity wishing to submit commentary is encouraged to reach out to K&L Gates to help facilitate the submission process.

The Importance of Managing DSARs

By Claude-Étienne Armingaud and Inès Demmou

With its December 2021 fine imposed on French telephone operator Free Mobile, the French data protection authority (CNIL) reiterated the importance of responding to data subject access requests (DSARs) within the relevant timeline (usually 30 days), with all the relevant and required information (Article 13 and 14 GDPR) and ensuring the security of users’ personal data (Article 32 GDPR). 

Another sanction by the Dutch Supervisory Authority relating to the principle of data minimization confirmed that such DSARs could not be conditioned by overly complex mechanisms, such as a requirement to upload a full copy of an identity document.

These sanctions demonstrate that data subjects have acquired the awareness necessary to exercise their rights, and that data controllers must implement effective channels and internal processes to handle DSARs properly, effectively, in a timely manner, and in a way that would not, in turn, generate its own set of breaches of the GDPR. 

To find out more, see our full alert here.

Uber found to have breached Australian’s privacy following 2016 hack

By Cameron Abbott and Jacqueline Patishman

In 2017, Uber disclosed to the Office of the Australian Information Commissioner (OAIC) a breach of its some 57 million global users and driver’s personal information (including approximately 1.2 million Australians). Last Friday, the OAIC determined that Uber had breached the Australian Privacy Act by failing to take reasonable steps to protect Australian’s personal information from unauthorised access.

Read More

To pay or not to pay the ransom? Organisations may find their decision easier with government guidance

By Cameron AbbottRob Pulham and Jacqueline Patishman

The Cyber Security Advisory Committee (an industry based advisory panel established by the Minister for Home Affairs to provide independent strategic advice on Australia’s cyber security challenges) has recommended in its annual report that the federal government develop a clearer policy position on the payment of ransoms by organisations that have suffered ransomware attacks.

Read More

REvil strikes again – ransomware attack on UnitingCare Queensland

By Cameron Abbott and Jacqueline Patishman

Following a ransomware infection in late April, UnitingCare Queensland has suffered a nearly 2 month long ordeal to regain control of its systems. UnitingCare was a victim of malware called Sodinokibi/REvil which encrypted its files and attempted to delete backups.

Read More

Other Australian companies attacked by the same ransomware attack on the JBS meat processing company

By Cameron AbbottRob Pulham and Jacqueline Patishman

It’s been reported that at least 7 other Australian companies are among the group of companies that were affected by the recent ransomware attack on JBS meat by the cybercriminal group REvil.

Read More

Ransomware attack on the world’s largest meatpacking company JBS

By Cameron AbbottRob Pulham and Jacqueline Patishman

Last week, a ransomware attack on the world’s largest meatpacking company caused a temporary shut-down of its operations in Australia and North America. The attack infiltrated the company’s quality assurance systems and ultimately prevented normal production.

Read More

Another attack on critical infrastructure – New York’s subway hacked

By Cameron AbbottRob Pulham and Jacqueline Patishman

In April, New York’s subway authority was hacked by a group of cybercriminals with suspected Chinese government connections. The authority is responsible for operating all of New York’s train and bus systems and the attack exposed vulnerabilities in the services used by millions every day.

Read More

Even the Best Fall Down Sometimes: Nine Network suffers large-scale cyber attack

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

Channel Nine has suffered the largest cyber attack on a media company in Australia’s history, according to reports from IT News, the AFR and Nine News.

The cyber attack, reported by Channel Nine as a variation of a ransomware attack, struck early Sunday morning, resulting in television and digital production systems being offline for more than 24 hours. The attack impaired Channel Nine’s ability to broadcast from its Sydney studios, forcing the media outlet to shift operations to its Melbourne studios.

Read More

City of Oldsmar, Florida narrowly avoids ‘hot water’ in remote cyberattack on its infrastructure

By Cameron AbbottRob Pulham and Jacqueline Patishman

News reports have surfaced reporting that a hacker in the US gained access to the Oldsmar’s water treatment plant system in an attempt to release a corrosive chemical into the Oldsmar’s water supply.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.