Category: Privacy, Data Protection & Information Management

1
Cyber Criminals “King of the (Data Breach) Jungle”: 61% of all Data Breaches caused by Malicious or Criminal Attacks, according to OAIC Report
2
Can It Get Any Worse? Travel Giant CWT pays $4.5 Million USD ransom to Hackers who Stole Corporate Files and Knocked 30,000 Computers Offline
3
Trust but verify: Independent report on Australia’s “anti-encryption” legislation released
4
Update: Australia’s 2020 Cyber Security Strategy
5
OAIC and UK ICO announce joint investigation into Clearview AI
6
EU Court of Justice Invalidates Privacy Shield
7
“The best of its kind anywhere in the world today”: COVIDSafe among the safest tracing apps globally, study finds
8
Credential stuffing during COVID-19: Cybersecurity firm purchased over 500,000 Zoom account credentials on the dark web and hacker forums
9
D’oh! Beer company suffers cyber attack
10
Privacy Professionals download COVIDSafe App

Cyber Criminals “King of the (Data Breach) Jungle”: 61% of all Data Breaches caused by Malicious or Criminal Attacks, according to OAIC Report

By Cameron Abbott, Keely O’Dowd and Max Evans

The Office of the Australian Information Commissioner (OAIC) has released its report on notifications received under the Notifiable Data Breaches scheme for period January to June 2020.

The OAIC reported 518 breaches were notified to it in the relevant period. The OAIC noted a 3% decrease from the 532 breaches notified in the period July 2019 to December 2019. However, there was a 16% increase on the 447 notifications received during January to June 2019.

Read More

Can It Get Any Worse? Travel Giant CWT pays $4.5 Million USD ransom to Hackers who Stole Corporate Files and Knocked 30,000 Computers Offline

By Cameron Abbott and Max Evans

In these unprecedented times, where travel around the globe is primarily halted as nations get to grips with controlling the outbreak of COVID-19, many would think it couldn’t get any worse for travel companies. However, they would be wrong, as according to an article from ITNews, American travel management giant CWT has reportedly paid a whopping 414 bitcoin, equivalent to a value of 4.5 Million USD (approximately 6.3 Million AUD), to hackers who successfully exfiltrated over 2 terabytes of sensitive corporate files.

According to the Article, the successful hackers used a strain of ransomware referred to as “Ragnar Locker” which places computer files into a virtual prison through encryption and renders them unusable until the victim pays for the keys. Then in CWT had to negotiate in a public chat forum to pay for the release.  It gives us a rare insight into the dialogue that followed. CWT negotiated the hackers down from their initial demand of 10 Million USD. According to the Report, whilst the hackers claimed to have stolen over 2 terabytes of files including financial reports, security documents and employees’ personal data, it was not clear whether any customer data was compromised.

Read More

Trust but verify: Independent report on Australia’s “anti-encryption” legislation released

By Cameron Abbott and Rebecca Gill

The ability of a government to force a technology provider to create a “back door” into their technology to allow security agencies to “listen in” to communications is a very controversial step, but it has not been the subject of much discussion as any recipient of such intervention is gagged. 

It was interesting to see that the Independent National Security Legislation Monitor has released a report on its review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) (TOLA Act). The review considered, and provided recommendations on, the operation, effectiveness and implications of the TOLA Act and whether it is necessary, is proportionate to the threats it seeks to meet and treats human rights properly.

Read More

Update: Australia’s 2020 Cyber Security Strategy

By Cameron Abbott and Keely O’Dowd

The Australian Government is currently developing its next Cyber Security Strategy, which is scheduled for release in the coming months.

The Australian Government 2020 Cyber Security Strategy Industry Advisory Panel has released a report consisting of 60 recommendations to inform the 2020 Cyber Security Strategy. The Panel’s 60 recommendations are structured around five key pillars:

Read More

OAIC and UK ICO announce joint investigation into Clearview AI

By Cameron Abbott, Warwick Andersen, Rob Pulham and Keely O’Dowd

On 9 July 2020, the Office of the Australian Information Commissioner (OAIC) and the UK Information Commissioner’s Office (ICO) announced they have opened a joint investigation into the personal information handling practices of Clearview AI Inc.

The OAIC has stated the investigation will focus on ClearView AI’s use of “scraped” data and biometrics of individuals.

Read More

EU Court of Justice Invalidates Privacy Shield

By Cameron Abbott, Claude Etienne-Armingaud, Rob Pulham, Michelle Aggromito and Keely O’Dowd

On the morning of 16 July 2020, in a significant decision of the Court of Justice of the European Union (CJEU), the Privacy Shield was held to be invalid.

Read More

“The best of its kind anywhere in the world today”: COVIDSafe among the safest tracing apps globally, study finds

By Cameron Abbott, Warwick Andersen, Rob Pulham and Rebecca Gill

In some positive news about the Federal Government’s COVIDSafe app, the University of Adelaide’s cybersecurity experts have assessed the Australian contact tracing app to be one of the best and safest among 34 apps used globally to track and trace COVID-19 cases.

A team from the University’s School of Computer Science made the judgment in a study which assessed Android versions of 34 of the world’s COVID-19 contact tracing apps for security and privacy vulnerabilities.

Read More

Credential stuffing during COVID-19: Cybersecurity firm purchased over 500,000 Zoom account credentials on the dark web and hacker forums

By Cameron Abbott, Michelle Aggromito and Rebecca Gill

In what could only be adding fuel to the fire that is the growing concern over Zoom’s privacy and data security risks, it has been reported that over 500,000 Zoom accounts were sold on the dark web and hacker forums earlier in April. The accounts were purchased by cybersecurity firm Cyble after it noticed free Zoom accounts were being posted on hacker forums.

Cyble was able to purchase approximately 530,000 Zoom credentials, which included a user’s email address, password, personal meeting URL, and their HostKey (a six-digit number used to host meetings on Zoom). Victims included well-known companies such as Chase, Citibank and educational institutions including the University of Colorado and the University of Florida. According to Cyble, credentials belonging to its clients in the bulk purchase were also confirmed to be correct.

Read More

D’oh! Beer company suffers cyber attack

By Cameron Abbott and Keely O’Dowd

On Tuesday last week, Lion Beer Australia announced it had experienced a cyber incident. During the week, Lion advised there was no evidence to date of any data breaches, but was still investigating the cyber attack. Investigations revealed Lion was subject to a ransomware attack. 

Read More

Privacy Professionals download COVIDSafe App

By Cameron Abbott, Warwick Andersen, Rob Pulham, Michelle Aggromito and Allison Wallace

A number of legal professionals, with significant experience in the field of privacy law, have signed an open letter to encourage individuals to download the Commonwealth Government’s COVIDSafe App.

Among the privacy lawyers are members of K&L Gates own Australian privacy team (and the authors of this blog post) Cameron Abbott, Rob Pulham, Warwick Andersen, Michelle Aggromito and Allison Wallace.

The open letter is signed by members in their personal capacity, and signals that people who care about privacy a lot can still think that supporting the health and economic objectives of the App is more important at this time.

As at the date of this post, more than 5 million people have downloaded the App, with more needed to reach the Commonwealth Government’s target of 40% of the Australian population.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.