Tag: Breach

1
“Major systemic failure”: The Federal Court of Australia published full names of asylum seekers on the Commonwealth Courts Portal
2
You’ve Got (Junk) Mail: Optus Slammed with $504k Fine For Spam Law Breach
3
Human error accounts for 34% of Notifiable Data Breaches – 3 key take outs from the latest OAIC report
4
Major privacy and security breaches confirmed this week: Westpac, the ANU and Princess Polly targeted
5
Q4 NOTIFIABLE DATA BREACHES CONTINUE TO RISE
6
China in breach of cyber-security pact
7
Cyber-attack on Bristol Airport – Ransomware leaving travellers in the dark about their flights!
8
Open Government? – political misstep leads to privacy breach
9
Former MasterChef contestant falls victim to online fraud attack
10
Research reports say risks to smartphone security aren’t phoney

“Major systemic failure”: The Federal Court of Australia published full names of asylum seekers on the Commonwealth Courts Portal

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

The Federal Court of Australia has suffered a catastrophic data breach in which the names of individuals seeking protection visas in Australia have been published on the publicly available Commonwealth Courts Portal database for years.

Ordinarily, the files of such applicants are listed by pseudonyms which are a collection of numbers and letters.

Read More

You’ve Got (Junk) Mail: Optus Slammed with $504k Fine For Spam Law Breach

By Cameron Abbott, Max Evans and Florence Fermanis

Optus has been fined $504,000 by the Australian Communications and Media Authority (ACMA) for breaching spam laws, according to articles by the ABC and the SMH. The fine is the second largest in ACMA’s history to be awarded, being just $6,000 shy of the $510,000 fine which was slapped on Telstra in 2014 for missing service standards for urban landline connections.

Despite customers notifying Optus of their wish to opt-out or unsubscribe from such messages, an ACMA investigation found that customers still received the relevant messages, resulting in more than 2 million breaches to the Spam Act 2003 (Cth). Rather than a ‘one-off’ issue, it was found that Optus had systemic deficiencies with their compliance procedures and governance.

Read More

Human error accounts for 34% of Notifiable Data Breaches – 3 key take outs from the latest OAIC report

By Cameron Abbott and Karla Hodgson

The Office of the Australian Information Commissioner has released its Q2 statistics on notifications received under the Notifiable Data Breach (NDB) scheme. The 245 breach notifications in Q2 are on par with each other quarter since the scheme was introduced in July 2018 and while the majority of NDBs (62%) are attributed to malicious or criminal attacks, we noted with interest that a staggering 34% are due to human error – that is, mostly avoidable errors made by staff. A consistent theme of our blogs is reinforcing the message that employees are the front line of defence for organisations.

There are 3 key statistics we took away from these human error NDBs.

Read More

Major privacy and security breaches confirmed this week: Westpac, the ANU and Princess Polly targeted

By Cameron Abbott, Allison Wallace and Rebecca Gill

It’s been a chilly start to winter for three Australian organisations, who’ve this week reported major privacy and security breaches.

Up to 100,000 Australians’ personal information has been exposed in a hack affecting Westpac Bank. Westpac confirmed on Monday that details of Australian bank customers (not just those of Westpac) were exposed in a cyberattack on real time payments platform PayID. The banking giant says it noted a high volume of PayID lookups in 2019 on a semi-daily basis, which was a result of attackers trying to guess phone numbers, which, if guessed correctly, would give them the name of the account holder to which the number is linked. Despite the hack, Westpac says that no customer bank account details were compromised as a result of this cyberattack. Nevertheless, experts warn that the details accessed could still be used to commit fraud.

Read More

Q4 NOTIFIABLE DATA BREACHES CONTINUE TO RISE

By Cameron Abbott, Rob Pulham and Ella Richards.

The Office of the Australian Information Commissioner (OAIC) has released its fourth quarter report of notifiable data breaches between October – December 2018.

The report exposed that the OAIC received 262 notifications of data breaches, which has increased from the 245 notifications that were reported the previous quarter. Below are the key findings from their report:

  • The OAIC report identified the top five sectors who reported data breaches. Private health service providers reported 54 breaches, the finance sector reported 40 breaches, professional services reported 23 breaches, private education providers reported 21 breaches and the mining and manufacturing industry has made its first appearance with a reported 12 breaches.
  • 85% of data breaches involved individual’s contact details, 47% involved financial details, 36% involved identity details, 27% involved health details, 18% involved tax file numbers, and 9% involved other types of personal information.
  • The sources of breach varied, with 64% of data breaches due to malicious or criminal attack, 33% due to human error, and 3% due to system faults.
  • The report also breaks down the breach types per industry. Interestingly, the finance sector experienced the most malicious cyber attacks, and human error dominated the healthcare sector.

Even though 60% of the total breaches involved personal information of 100 individuals or fewer, there were a couple of notifications affecting a significantly higher number of individuals (including one that affected more than 1 million individuals). Human error breaches resulting in the unauthorised disclosure of personal information (via unintended release or publication) impacted an average of more than 17,000 individuals per breach (though this average seems likely to have been skewed by some particularly large breaches), and the failure to securely dispose of personal information affected an average of 300 individuals per breach.

Most data breaches resulted from malicious attacks which gain access through compromised credentials (such as phishing emails or stolen username and passwords). So, if you believe that the email from your CEO requesting your bank details for your exorbitant raise is legitimate, think again!

China in breach of cyber-security pact

By Cameron Abbott and Wendy Mansell

It has been a fairly turbulent week in the cyber-espionage space following accusations that China’s Ministry of Security Services is behind the surge of intellectual property theft from Australian companies.

The news that the persistent attacks on Australian IP are perhaps a State sponsored campaign by the Chinese government is concerning as it suggests that China are in breach of several international and bilateral agreements.

In 2015, an agreement was made between Chinese President Xi Jinping and former President Obama, that the U.S and China would not steal intellectual property from one another for commercial gain. This was furthered at the November 2015, G20 Summit, where the cyber-theft of IP was accepted as the norm.

Following on from this in September 2017, former Prime Minister Malcolm Turnbull and Chinese Premier Li Kequiang promised that neither country would engage in cyber-theft of intellectual property and commercial secrets.

Reports of cyber-theft declined immediately after these agreements, however in recent months they have ramped up again.

A U.S Trade Representative report released this week confirms that despite any international agreements, China has continued engaging in cyber-espionage and the theft of intellectual property. Further the report states that not only is China likely to be in breach of these agreements, but the attacks have “increased in frequency and sophistication”.

Notably in July of this year, China was linked to the cyber-breach of Australian National University. This attack was particularly disturbing given that ANU is a leading university involved in key areas of Australian technological, scientific, defence and commercial research.  It is fascinating that cyber attacks and theft are a “norm” that is accepted within our overall international relationships.  Physical acts of a similar nature would not be so easily accepted.

Cyber-attack on Bristol Airport – Ransomware leaving travellers in the dark about their flights!

By Cameron Abbott and Colette Légeret

In response to a cyber-attack on the administrative systems of Bristol airport, believed to be ransomware, the airport took a number of applications down as a precautionary measure, including the application that provides flight data for flight information screens.

Read More

Open Government? – political misstep leads to privacy breach

By Cameron Abbott and Keely O’Dowd

Navigating the political terrain and party politics can be a treacherous journey for any politician.

Recently, we have been captivated by a political misstep that involved the tabling of approximately 80,000 confidential and unredacted Cabinet documents of a former Government in the Victoria Parliament. In usual circumstances, these documents would have remained confidential for 30 years, unless the former Government consented to the release of the documents.  However, in an attempt to seek an advantage in the political arena, the Victorian Government of the day decided to release these documents in Parliament and online.

Read More

Research reports say risks to smartphone security aren’t phoney

By Rob Pulham, Warwick Andersen and Sarah Goegan

Beware! Your favourite apps may be putting your phone and data at risk. Reports from Allot and BitSight have examined rising threats to the security of our mobile devices.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.