Tag: personal information

1
Is Microsoft giving us a window to our personal data?
2
Emergency warning system hacked
3
Tesco Bank fined £16.4 million for failing to protect account holders against an avoidable cyber-attack in 2016
4
Open Government? – political misstep leads to privacy breach
5
UK Information Commissioner Orders Cambridge Analytica to Hand Over American’s Personal Data
6
Is Uber’s Greyball pushing the boundaries of what is legally and ethically OK?
7
It’s official and, it’s personal – Gemalto’s 2015 results reveal scary cybercrime stats
8
Hold the phone…is “metadata” personal information? Who knows?

Is Microsoft giving us a window to our personal data?

By Cameron Abbott and Allison Wallace

We often blog on this page about personal information being breached, data being hacked, systems being compromised – and tell cautionary tales of the difficulties businesses can experience if they experience a data breach.

So what if there was a good news story? A way to know what information there is out there about you, so that if it is compromised, you can take control? Microsoft may just be working on such a solution.

Multiple websites (see here and here) have now reported on Microsoft’s “Project Bali” – which, although still in a private testing phase is accessible to a lucky few, by invite only.

The Project Bali website reportedly describes the tech giant’s project as “a new personal data bank which puts users in control of all data collected about them” and will allow users to “store all data (raw and inferred) generated by them ..[and] to visualise, manage, control, share and monetise the data”.

It is reported that the project was borne from a Microsoft Research paper in 2014 that delved into the concept of “Inverse Privacy” – allowing consumers to access the data that any given business holds about them, increasing transparency, something consumers value.

In theory, Project Bali seems like a good antidote to the increasing number of privacy incursions we are seeing (such as this and this). However, whether the idea is commercialised and becomes publicly available, only time will tell. We will keep you posted.

Emergency warning system hacked

By Warwick Andersen, Rob Pulham and Allison Wallace

A new year, and a new hacking incident – this time, it was the Early Warning Network (EWN) – a text and email service used by councils around Australia to warn locals of emergency situations.

On its Facebook page, EWN stated that a hacker was able to access its system, sending out messages via text, email and landline stating that EWN had been hacked and that the receiver’s personal data was not safe. The message also included links to support email addresses and a website.

EWN said that the hack was quickly identified and systems shut down, with no-one’s personal information compromised during the attack. The attack is believed to have originated within Australia, involving compromised login details.

While EWN said that personal information was not compromised by this incident, it serves as a timely reminder for businesses to check and test their information security processes and data breach response plans – and if one isn’t in place, to implement one.  The Office of the Australian Information Commissioner reported that it received 550 notifications of data breaches from the time the notifiable data breach legislation commenced on 22 February 2018 to 30 September 2018.

If you’d like to find out more about the legislation, or what your business can do to protect itself, check out this 60-second video by Cameron Abbott.

Tesco Bank fined £16.4 million for failing to protect account holders against an avoidable cyber-attack in 2016

By Cameron Abbott and Colette Légeret

The UK’s banking watchdog, the Financial Conduct Authority (FCA), has fined Tesco Bank, the banking arm of UK supermarket chain Tesco, £16.4 million (approximately AU$29.5 million) for failing to exercise due skill, care and diligence in protecting its personal current account holders against a cyber-attack that occurred in 2016.

This cyber-attack affected thousands of account holders and netted the cyber-criminals £2.26 million (approximately AU$4.07 million) in 48 hours. It was described, at the time, as an unprecedented assault against a UK regulated bank.

Read More

Open Government? – political misstep leads to privacy breach

By Cameron Abbott and Keely O’Dowd

Navigating the political terrain and party politics can be a treacherous journey for any politician.

Recently, we have been captivated by a political misstep that involved the tabling of approximately 80,000 confidential and unredacted Cabinet documents of a former Government in the Victoria Parliament. In usual circumstances, these documents would have remained confidential for 30 years, unless the former Government consented to the release of the documents.  However, in an attempt to seek an advantage in the political arena, the Victorian Government of the day decided to release these documents in Parliament and online.

Read More

UK Information Commissioner Orders Cambridge Analytica to Hand Over American’s Personal Data

Cameron Abbott and Georgia Mills

The UK Information Commissioner has ordered UK-based firm Cambridge Analytica to hand over all the personal information it holds about an American academic, confirming the right of people to access the personal data held about them by a UK firm.  The academic initially approached Cambridge Analytica for it to explain what information it had gathered on him, and later complained to the Commissioner that the consulting firm had failed to share the entirety of its data on him nor explained how it accumulated the information it held.

Read More

Is Uber’s Greyball pushing the boundaries of what is legally and ethically OK?

By Cameron Abbott and Allison Wallace

Ridesharing service Uber has been using a self-developed program called Greyball in a bid to avoid regulatory scrutiny and other law enforcement activity.

As reported in The New York Times, the program uses various techniques to survey government officials when rolling out the service in new cities. This came after Uber’s services encountered legal issues (including cars being impounded and drivers fined) as it tried to operate in new locations, including in Melbourne, Australia. Read More

It’s official and, it’s personal – Gemalto’s 2015 results reveal scary cybercrime stats

By Cameron Abbott and Meg Aitken

Never mind your credit card details, let’s worry about cybercriminals stealing your identity.

The latest Breach Level Index released by Gemalto has revealed that identity theft was the primary target of hackers in 2015, with stolen personal information accounting for 53% of all data breaches.

It’s a worry, you see, because while your credit card has inbuilt security defences and merchant protection mechanisms, your valuable personal information is probably stored in multiple locations, across a number of interfaces, in a variety of forms, exposing it to substantial risk of theft.

Not only is the massive volume of personal information that is available to be stolen a cause for alarm, but what cybercriminals can potentially do with that information is the major concern.

So who is to blame? Well, malicious outsiders were the leading source of data breaches in 2015, accounting for 58%, accidental loss of data was next and then came malicious insiders, who accounted for 14% of all data breaches.

Clearly, companies need to recognise that today’s cyber environment demands robust security strategies that not only protect networks from external attacks and accidental data loss, but also keep an eye on insiders too.

To secure against a data breach, Gemalto recommends that organisations commit to the encryption of all sensitive information, secure storage and management of data and encryption keys, and controlled access and authentication of users.

Access the Gemalto 2015 Breach Level Index Report here.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.