Breaches – Page 8 – Cyber Law Watch

Beware of third party data breaches

Nov 20 2018

By Cameron Abbott and Keely O’Dowd

A study by Ponemon Institute found the percentage of US and UK companies that faced a data breach because of a vendor or third party is growing. In the US alone, 61% of surveyed respondents confirmed that their organisation had experienced a data breach caused by a third party, which is up 5% from last year and 12% from 2016.

Ponemon Institute’s research also found that 22% of surveyed respondents admitted they did not know if they had a third party data breach during the past 12 months and more than three quarter of companies thought third-party cyber security breaches were increasing.

These research findings suggest to us that businesses must do more to guard against third party data breach risks. This may involve:

conducting due diligence on third party vendors to assess their security and privacy practices as part of a procurement process and throughout the ongoing vendor relationship;
including robust privacy and data security clauses in contracts with third parties, including the requirement that the third party notify you of actual and suspected data breaches; and
keeping a register of all third party vendors your business engages and the types of personal, sensitive of confidential information the third party vendors accesses, stores or shares on behalf of your business.

The third party landscape is becoming increasingly complex and businesses need to better manage and understand what exactly their vendors are up to and doing to protect their data.

US, Russia and China don’t pledge to fight cybercrime

Nov 13 2018

By Cameron Abbott and Wendy Mansell

Fifty countries including Japan, Canada and many EU nations have come together with over 150 tech companies, pledging to fight against cybercrime. United State’s tech giants such as Facebook, Google and Microsoft have also joined the party.

The United States, Russia and China however have decided not to sign on. Each has no doubt very different reasons for this – the disappointment is mostly directed to the US. However it is a shame that Russia and China did not also feel the weight of the international community pressure to accept these principles.

The effort to combat cybercrime is being led by France, with French President Emmanuel Macron claiming that it is urgent that the internet is better regulated.

The countries and companies involved are fighting against illegal online activity like censorship, cyber interference in elections, hate speech and trade secrets theft.

The pledge has been made in a document titled the “Paris call for trust and security in cyberspace”.

Q3 Notifiable breaches industry league results: Health first … lawyers a solid third!

Nov 08 2018

By Cameron Abbott, Keely O’Dowd and Colette Légeret

The Office of the Australian Information Commissioner (OAIC) has released its third quarterly report of notifiable data breaches. This is the second OAIC report to be released covering a full quarter.

The report revealed that OAIC received 245 notifications of data breaches, marginally up from 242 notifications in the second quarterly report.

Some interesting figures from the OAIC’s report are as follows:

18% of notifications were from health service providers, 14% were from the finance sector; 14% were from the legal, accounting and management services sector; 7% were from the private education sector, and 5% were from the personal services sector;
85% of data breaches involved individual’s contact details, 45% involved financial details, 35% involved identity details, 22% involved health details, 22% involved tax file numbers, and 7% involved other types of personal information; and
57% of data breaches were due to malicious or criminal attack, with 37% due to human error, and 6% due to system faults, with cyber incidents, namely compromised credentials or phishing being the main the cause of

Of the 245 data breaches, 58 affected only one individual – however, 7 affected more than 10,000 individuals.

These figures are a clear reminder of the need to ensure that your business is equipped to deal with data breaches. To learn more about this, take a look at this 60-second video by Cameron Abbott. With professional services ranking a solid third, we’ll take some of our own advice too!

Australia identified as the link in a major Chinese hack!

Nov 01 2018

By Cameron Abbott and Jessica McIntosh

According to the US, China is trying to advance its aviation manufacturing capability using stolen information – and the latest is…. the information is being stolen out of Australia!

An Australian IT company dubbed “Company L” has been placed smack bang in the middle of a major hacking case in the US where US authorities have very publically and powerfully accused China of using compromised domain names to steal important aviation technology, alarmingly this has been happening for the large part of the last five years.

Tesco Bank fined £16.4 million for failing to protect account holders against an avoidable cyber-attack in 2016

Oct 04 2018

By Cameron Abbott and Colette Légeret

The UK’s banking watchdog, the Financial Conduct Authority (FCA), has fined Tesco Bank, the banking arm of UK supermarket chain Tesco, £16.4 million (approximately AU$29.5 million) for failing to exercise due skill, care and diligence in protecting its personal current account holders against a cyber-attack that occurred in 2016.

This cyber-attack affected thousands of account holders and netted the cyber-criminals £2.26 million (approximately AU$4.07 million) in 48 hours. It was described, at the time, as an unprecedented assault against a UK regulated bank.

2018 Trends in Cyber-crimes so far…

Sep 23 2018

By Cameron Abbott and Colette Légeret

The first half of 2018 has been busy for cyber-criminals and cyber-security alike. According to Trend Micro, cryptocurrency mining detections have jumped 96% in this six month period compared to the total number detected in 2017.

In that same time, over 20 billion threats were blocked by Trend Micro’s Infrastructure, a few billion threats less than in the first half of 2017. Of these threats, less were “spray and pay” ransomware attacks and breaches, as cyber-criminals are flying under the radar with crypto-jacking, along with fileless, macro and small file malware techniques.

Open Government? – political misstep leads to privacy breach

Sep 07 2018

By Cameron Abbott and Keely O’Dowd

Navigating the political terrain and party politics can be a treacherous journey for any politician.

Recently, we have been captivated by a political misstep that involved the tabling of approximately 80,000 confidential and unredacted Cabinet documents of a former Government in the Victoria Parliament. In usual circumstances, these documents would have remained confidential for 30 years, unless the former Government consented to the release of the documents. However, in an attempt to seek an advantage in the political arena, the Victorian Government of the day decided to release these documents in Parliament and online.

FAKE APPS FIND A WAY TO GOOGLE PLAY!

Aug 05 2018

By Cameron Abbott and Jessica McIntosh

Over the last two months a string of fake banking apps have hit the Google Play store, leaving many customers wondering whether they have been affected by the scam. A report by security firm ESET found users of three Indian banks were targeted by the apps which all claimed to increase credit card limits, only to convince customers to divulge their personal data, including credit card and internet banking details. The impact of this scam was heightened as the data stolen from unsuspecting customers was then leaked online by way of an exposed server.

242 data breaches reported in second quarter of notifiable data breach regime

Jul 31 2018

By Warwick Andersen, Rob Pulham and Colette Légeret

The Office of the Australian Information Commissioner (OAIC) has released its second quarterly report of notifiable data breaches. This report is of particular significance as it, unlike the first “quarterly” report, covers a full quarter and therefore depicts a more accurate account of data breaches over a calendar quarter.

Facebook fined £500,000 over Cambridge Analytica scandal

Jul 13 2018

By Cameron Abbott and Sarah Goegan

The UK Information Commissioner’s Office (ICO) has issued a notice of intent to levy a £500,000 fine against Facebook for breaches of the UK’s Data Protection Act 1998. The ICO found that Facebook failed to protect its users’ data and be transparent about how that data was being harvested. This failure, ICO said, did not enable users to understand how and why they may be targeted by a political party or campaign.

The fine comes as part of a larger investigation by ICO into misuse of data in political campaigns, and responds to the highly publicised allegations that Cambridge Analytica used data obtained from Facebook to target voters in the 2016 US presidential election.

Catagory:Breaches