CyberWatch: Australia

Insight on how cyber risk is being mitigated and managed in Australia and across the globe.

 

1
You’ve got mail…and lots of it according to the latest OAIC report!
2
Utilize and Protect: 2020 AmCham Tech Panel explores complexities of the Data World
3
No cyber insurance? Check your policy – you may be covered for more than you think
4
A New Low: Red Cross subject to Fraudulent Claims for Bushfire Grants by Cyber Thieves
5
Hand Out of a Different Cookie Jar: Google to Eliminate all Third Party Cookies
6
Toll’d You So: Cyber Security Incident Cripples Toll’s Supply Lines, Causes Customer Backlash
7
New Decade, New Facebook? Facebook Reaches $550 Million Settlement in Facial Recognition Class Action, Agrees to Upgrade Privacy Safeguards
8
You’ve Got (Junk) Mail: Optus Slammed with $504k Fine For Spam Law Breach
9
Don’t let coronavirus get your system infected
10
Taking its Toll: Toll Shuts Down IT Systems Citing Cyber-Security Incident

You’ve got mail…and lots of it according to the latest OAIC report!

By Cameron Abbott and Michelle Aggromito

With email being one of the most common forms of communication, it’s not surprising that inboxes these days accumulate thousands of emails that, perhaps, aren’t always electronically filed or deleted (not ours of course).

As the Office of the Australian Information Commissioner (OAIC) has indicated in its most recent report on notifications received under the Notifiable Data Breach (NBD) scheme, email accounts are frequently being used for storage, and this raises inherent risk. Yes it’s convenient, but using email to send personal information, such as copies of passports, bank account details and credit card information, can very quickly lose its appeal. If the email account is accessed by a malicious actor through a phishing attack or a rogue employee, the end result can be exploitation of that information for criminal gain.

Read More

Utilize and Protect: 2020 AmCham Tech Panel explores complexities of the Data World

By Cameron Abbott and Max Evans

We all know by now that technology, and the data obtained and analysed through it, has changed the way the world works and in particular, the way we do business. However, at the first American Chamber of Commerce in Australia (AmCham) Tech Talk Breakfast for 2020, hosted at K&L Gates by our very own Cameron Abbott, it appears that a large portion of the business world is still lagging in terms of utilising its own data resources, understanding the power of data generally and the need to establish and implement appropriate and comprehensive security protections and processes. 

The four industry leading speakers, Martin Creighan of AT&T, Robert Le Busque of Verizon Enterprise Solutions, Melissa Osborne of Dell Technologies and Matthew Payton of Datacom explored the immense volume of data businesses collect, and the gap in many businesses between their current utilisation and the maximum value held by such data. The speakers noted the importance of having a robust data analysis resource pool with which to effectively analyse the vast amounts of data a business carries in order to maximise the utility of such data in informing ongoing business decisions.

Read More

No cyber insurance? Check your policy – you may be covered for more than you think

By Cameron Abbott, Rob Pulham and Max Evans

Over the past 2 years we’ve seen a steady rise in interest in cyber insurance policies to cover key online risks.

However, as the terms and coverage for cyber insurance offerings steadily standardise, it may not be worth throwing out your old policies just yet.

In his recent article available here our colleague Gregory Wright discusses several recent US cases where insurance holders were found to be covered under more general policies of insurance – even if they weren’t specifically directed towards cyber risks.

A New Low: Red Cross subject to Fraudulent Claims for Bushfire Grants by Cyber Thieves

By Cameron Abbott and Max Evans

If you thought cyber attackers couldn’t go any lower, think again. Cyber thieves are tying up valuable resources at the Australian Red Cross through computer generated applications for bushfire relief assistance, according to an article from the AAP.

According to the article, cyber thieves are using applications to automate hundreds of fraudulent attempts to access financial assistance from the Red Cross, which is distributing grants of up to $20,000 per application with a total grant of around $1,000,000 per day. In one community, there were applications made in respect of 15 homes that purportedly had been destroyed by bushfires, but when physically checked remained unaffected. Go figure!

Read More

Hand Out of a Different Cookie Jar: Google to Eliminate all Third Party Cookies

By Cameron Abbott, Max Evans and Florence Fermanis

Google is aiming to eliminate all third party cookies by 2020, according to a recent article by ABC Science.

‘Cookies’ have gained a somewhat infamous reputation beyond their sweet moniker. Third party cookies particularly are created by a party that is different to the website you are using, and are designed to help market a certain good to you as you surf across the web. Think of a pair of trousers you viewed once that now pop up in different advertisements across different websites. These are the sort of cookies Google wants to ban.

This comes amidst increasing demand by consumers for better privacy protection, according to Justin Schuh, Google’s director of Chrome Engineering.

Read More

Toll’d You So: Cyber Security Incident Cripples Toll’s Supply Lines, Causes Customer Backlash

By Cameron Abbott, Warwick Andersen and Max Evans

Further information surrounding the specific details and extent of the security breach suffered by transport and logistics network Toll, which we previously blogged in respect of, have been revealed by the Australian Financial Review.

The crippling ransomware attack, known now as “Mailto” or “Kazakavkovkiz” caused Toll to suspend many of its delivery and tracking systems with a Toll spokesperson indicating that the company needed to suspend up to 500 applications that supported its operations across 25 countries worldwide. In Australia, entities such as Nike, Optus, and Telstra were forced to address a multitude of customer complaints arising out of packages affected by the relevant cyber attack.

Read More

New Decade, New Facebook? Facebook Reaches $550 Million Settlement in Facial Recognition Class Action, Agrees to Upgrade Privacy Safeguards

By Cameron Abbott, Max Evans and Florence Fermanis

Facebook is in the news again, but this time it’s not for the Cambridge Analytica scandal that took over our screens in 2019. Facebook has agreed to pay $550 Million USD to settle a class action which claimed that it had collected and stored biometric information belonging to millions of users without their consent, according to reports by Reuters and TechXplore.

According to the reports, the relevant users alleged that Facebook illegally collected biometric data through its ‘Tag Suggestions’ feature, which allowed users to recognise Facebook friends from uploaded photographs.

Read More

You’ve Got (Junk) Mail: Optus Slammed with $504k Fine For Spam Law Breach

By Cameron Abbott, Max Evans and Florence Fermanis

Optus has been fined $504,000 by the Australian Communications and Media Authority (ACMA) for breaching spam laws, according to articles by the ABC and the SMH. The fine is the second largest in ACMA’s history to be awarded, being just $6,000 shy of the $510,000 fine which was slapped on Telstra in 2014 for missing service standards for urban landline connections.

Despite customers notifying Optus of their wish to opt-out or unsubscribe from such messages, an ACMA investigation found that customers still received the relevant messages, resulting in more than 2 million breaches to the Spam Act 2003 (Cth). Rather than a ‘one-off’ issue, it was found that Optus had systemic deficiencies with their compliance procedures and governance.

Read More

Don’t let coronavirus get your system infected

By Cameron Abbott and Allison Wallace

You’ve all likely seen various news reports and online posts about the coronavirus epidemic – you may have even received email alerts on how you can protect yourself from being infected.

It turns out cyber criminals are using our curiosity to bait us with fake documents purporting to inform us about coronavirus while actually infecting our systems with malware.

Read More

Taking its Toll: Toll Shuts Down IT Systems Citing Cyber-Security Incident

By Cameron Abbott, Max Evans and Florence Fermanis

We have our first large scale data breach of the decade. Toll, a transport and logistics network which delivers up to 95 million items globally every year, has temporarily shut down a number of its IT systems as a precautionary measure after suffering a cyber-security breach on Friday, according to an article by the SMH.

A spokesperson has indicated that Toll has cybersecurity experts working closely with their IT team on the breach, and is taking careful internal measures so that systems can be brought back up online in a “controlled and secured manner”. Additionally, Toll has initiated business continuity plans to minimise the disturbance brought on by the breach. While any official numbers of affected customers and the exact nature and extent of the breach have not yet been released by Toll, The Register has reported that the breach has reportedly affected customers in Australia, India and the Philippines.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.