Category: Breaches

1
The Importance of Managing DSARs
2
Uber found to have breached Australian’s privacy following 2016 hack
3
To pay or not to pay the ransom? Organisations may find their decision easier with government guidance
4
REvil strikes again – ransomware attack on UnitingCare Queensland
5
Other Australian companies attacked by the same ransomware attack on the JBS meat processing company
6
Ransomware attack on the world’s largest meatpacking company JBS
7
Another attack on critical infrastructure – New York’s subway hacked
8
Even the Best Fall Down Sometimes: Nine Network suffers large-scale cyber attack
9
City of Oldsmar, Florida narrowly avoids ‘hot water’ in remote cyberattack on its infrastructure
10
A Home Affair: Department of Home Affairs ordered to compensate Asylum Seekers following inadvertent disclosure

The Importance of Managing DSARs

By Claude-Étienne Armingaud and Inès Demmou

With its December 2021 fine imposed on French telephone operator Free Mobile, the French data protection authority (CNIL) reiterated the importance of responding to data subject access requests (DSARs) within the relevant timeline (usually 30 days), with all the relevant and required information (Article 13 and 14 GDPR) and ensuring the security of users’ personal data (Article 32 GDPR). 

Another sanction by the Dutch Supervisory Authority relating to the principle of data minimization confirmed that such DSARs could not be conditioned by overly complex mechanisms, such as a requirement to upload a full copy of an identity document.

These sanctions demonstrate that data subjects have acquired the awareness necessary to exercise their rights, and that data controllers must implement effective channels and internal processes to handle DSARs properly, effectively, in a timely manner, and in a way that would not, in turn, generate its own set of breaches of the GDPR. 

To find out more, see our full alert here.

Uber found to have breached Australian’s privacy following 2016 hack

By Cameron Abbott and Jacqueline Patishman

In 2017, Uber disclosed to the Office of the Australian Information Commissioner (OAIC) a breach of its some 57 million global users and driver’s personal information (including approximately 1.2 million Australians). Last Friday, the OAIC determined that Uber had breached the Australian Privacy Act by failing to take reasonable steps to protect Australian’s personal information from unauthorised access.

Read More

To pay or not to pay the ransom? Organisations may find their decision easier with government guidance

By Cameron AbbottRob Pulham and Jacqueline Patishman

The Cyber Security Advisory Committee (an industry based advisory panel established by the Minister for Home Affairs to provide independent strategic advice on Australia’s cyber security challenges) has recommended in its annual report that the federal government develop a clearer policy position on the payment of ransoms by organisations that have suffered ransomware attacks.

Read More

REvil strikes again – ransomware attack on UnitingCare Queensland

By Cameron Abbott and Jacqueline Patishman

Following a ransomware infection in late April, UnitingCare Queensland has suffered a nearly 2 month long ordeal to regain control of its systems. UnitingCare was a victim of malware called Sodinokibi/REvil which encrypted its files and attempted to delete backups.

Read More

Ransomware attack on the world’s largest meatpacking company JBS

By Cameron AbbottRob Pulham and Jacqueline Patishman

Last week, a ransomware attack on the world’s largest meatpacking company caused a temporary shut-down of its operations in Australia and North America. The attack infiltrated the company’s quality assurance systems and ultimately prevented normal production.

Read More

Another attack on critical infrastructure – New York’s subway hacked

By Cameron AbbottRob Pulham and Jacqueline Patishman

In April, New York’s subway authority was hacked by a group of cybercriminals with suspected Chinese government connections. The authority is responsible for operating all of New York’s train and bus systems and the attack exposed vulnerabilities in the services used by millions every day.

Read More

Even the Best Fall Down Sometimes: Nine Network suffers large-scale cyber attack

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

Channel Nine has suffered the largest cyber attack on a media company in Australia’s history, according to reports from IT News, the AFR and Nine News.

The cyber attack, reported by Channel Nine as a variation of a ransomware attack, struck early Sunday morning, resulting in television and digital production systems being offline for more than 24 hours. The attack impaired Channel Nine’s ability to broadcast from its Sydney studios, forcing the media outlet to shift operations to its Melbourne studios.

Read More

City of Oldsmar, Florida narrowly avoids ‘hot water’ in remote cyberattack on its infrastructure

By Cameron AbbottRob Pulham and Jacqueline Patishman

News reports have surfaced reporting that a hacker in the US gained access to the Oldsmar’s water treatment plant system in an attempt to release a corrosive chemical into the Oldsmar’s water supply.

Read More

A Home Affair: Department of Home Affairs ordered to compensate Asylum Seekers following inadvertent disclosure

By Cameron Abbott, Warwick Andersen, Michelle Aggromito and Max Evans

As a result of a recent class action, the Department of Home Affairs has been ordered by the Australian Information Commissioner, Angelene Falk, to pay compensation to asylum seekers after the Department was found to have interfered with the privacy of 9,251 detainees.

According to a media release from the Office of the Australian Information Commissioner (OAIC) , the relevant breach stemmed from February 2014, where the Department published on its website a “Detention Report”, which had embedded within it a Microsoft Excel spreadsheet containing the personal information (including full names, date of birth and period of immigration detention) of 9,258 individuals who were in immigration detention at that time.

Read More

Copyright © 2022, K&L Gates LLP. All Rights Reserved.