July 2015 – Cyber Law Watch

Australian Cyber Security Centre (ACSC) 2015 Threat Report

Jul 31 2015

On 29 July 2015, ACSC released its first unclassified ‘Threat Report’ (Report). The Report highlights the increasing number, type and sophistication of cyber security threats in Australia, and is a timely reminder to organisations to re-assess the level of their cyber security.

The key takeaway messages from the Report include:

even organisations that may not think that they hold valuable information, or that they would be of interest to cyber adversaries, could be a target for malicious cyber activities
ensuring a resilient, cyber-secure Australia requires coordination between government and the private sector, with organisations and their users taking greater responsibility for the security of their networks and information.

ASIC Releases Updated Guidance on Electronic Disclosure

Jul 28 2015

by Jim Bulling and Julia Baldi

ASIC has released updated guidance on electronic disclosure. RG 221:Facilitating online financial services disclosures. It outlines ASIC’s expectations for financial services providers that use (or plan to use) technology, including email and the internet, to deliver financial product and financial services disclosures to clients.

See RG 221 here.

Ashley Madison Data Security Breach

Jul 19 2015

By Cameron Abbott and Melanie Long

On 19 July 2015 the Avid Life Media dating website Ashley Madison, which is aimed at married people who want to have an affair, was hacked by a group known as ‘The Impact Team’. The Impact Team has threatened to release users’ profiles if Ashley Madison and other Avid Life Media websites such as Established Men and Cougar life are not shut down. The Impact Team claims to have stolen the details (including names, addresses, credit card numbers and personal sexual fantasies) of over 37 million users.

The story was broken by Brian Krebs, a former cyber crime writer for the Washington Post, on his blog ‘Krebs on Security’. A link to his article, which includes a statement made by Avid Life Media following the hack, can be found here.

Breaches Update – July 2015

Jul 15 2015

by Jim Bulling and Julia Baldi

U.S. Office of Personal Management (OPM)
The U.S. government has confirmed a second cyber attack on the OPM database. Hackers are confirmed to have stolen the personal information in relation to former, current and prospective federal government employees effecting at least 21.5-mllion people (almost 7% of the entire U.S. population).

See the ABC report here, CNN report here and Guardian report here.

OPM’s website, sets out how person’s may have been affected by the breach and what OPM is doing to assist those affected. OPM has sent notifications to those affected by the incident and is offering free identity theft monitoring and restoration services including identity theft insurance and credit monitoring.

OPM has also outlined a cybersecurity action report, available here.

Australian Prudential Regulation Authority (APRA) paper

Jul 06 2015

by Jim Bulling and Julia Baldi

APRA has released an information paper on outsourcing involving shared computing services, including cloud. The paper discusses risks for outsourcing shared services and ways in which APRA regulated entities may seek to minimise these risks.

See the information paper here.

Archive:July 2015