Tag: data breach

Deloitte hack: Big four cyber-security advisor takes a hit

By Cameron Abbott and Olivia Coburn

“Big four” accounting and consulting firm Deloitte revealed on Monday that it was targeted by a hack that exposed its email system and client records.

Although Deloitte has not yet provided details on the full extent of the breach, it confirmed that the information accessed includes confidential emails and plans of some of its blue-chip clients. It also said that “very few” clients were affected.

Equifax data breach: 143 million records exposed but senior executives not told immediately?

By Cameron Abbott and Olivia Coburn

Equifax has joined Yahoo on the podium for the award no one wants: suffering one of the largest data breaches in history.

Equifax, one of the three largest US credit reporting agencies, announced last week that it suffered a cybersecurity incident potentially impacting 143 million US consumers – a figure comprising roughly 55 per cent of Americans aged 18 years or older. Some UK and Canadian residents are also affected.

Security incidents high, confidence to manage them low. Really? We did see this coming – why aren’t we better prepared?

By Cameron Abbott and Olivia Coburn

RiskIQ, a US-based cyber security company, has reported that 40% of businesses surveyed in the US and the UK have experienced 5 or more significant security incidents in the past 12 months. Significant incidents include malware, targeted attacks, mobile exposures, rogue mobile apps, website or brand abuse, phishing and social impersonation.

RiskIQ, through IDG Connect, also surveyed the confidence of corporate decision-makers in their ability to handle and mitigate cyber threats. Their report, the 2017 State of Enterprise Digital Defense Report, reveals that nearly two-thirds of respondents had no confidence or only modest confidence in their ability to manage digital threats.

Gartner: Worldwide spending on information security to reach $93 billion in 2018

By Cameron Abbott and Olivia Coburn

Global spending on information security products and services will reach $86.4 billion this year, according to US-based technology research and advisory firm Gartner, Inc.

This figure is an increase of 7 per cent over 2016, and is expected to grow to $93 billion in 2018.

The police are reading … a lot … more than half a million times last year

By Cameron Abbott and Edwin Tan

News Corp reported today that law enforcement agencies accessed the private data of Australian individuals about 541,300 times during the past 12 months. This is an estimated increase of about 60 percent compared to the previous year.

This is in addition to the Australian Federal Police (AFP) confirming on Friday that an officer had accessed phone records without a warrant earlier in the year. No action was taken against the officer.

The 2015 amendments to the Telecommunications (Interception and Access) Act 1979 (Cth) made it mandatory for telecommunications companies and internet service providers to retain metadata. This metadata can be accessed without a warrant by 21 government agencies, including the AFP.

However, journalists’ telecommunications data cannot be accessed by agencies without first obtaining a “Journalist Information Warrant”. An agency must apply to a Federal Court judge or a nominated Administrative Appeals Tribunal member to be granted the warrant.

The breach has sparked calls for an independent and public inquiry into the AFP, with Senator Nick Xenophon calling the incident “a complete failure with no real explanation”. Not the last we will hear about this issue, we think. Read more about this here.

McDonald’s India (inadvertently) delivering more than just burgers in India

By Cameron Abbott and Allison Wallace

McDonald’s has fallen foul of customer expectations after its McDelivery app leaked the personal information of about 2.2 million users.

Access to the names, emails, home addresses and phone numbers of users was made readily available due to a poorly configured server, according to security firm Fallible.

The fast food giant told the Times of India that the app is safe to use – but Fallible tested the app again after McDonald’s said it had updated it to fix the issue, and found that it was still leaking data.

Old-school data breach sees hospital investigated

By Cameron Abbott and Allison Wallace

While health institutions around the world work to secure patients’ personal information and prevent the hacking or leaking of data from their systems, one Melbourne hospital is being investigated after medical records were found lying in a gutter in a nearby street.

Fairfax Media reports Australia’s Privacy Commissioner Timothy Pilgrim is investigating how the paper records of 31 patients of the John Fawkner Private Hospital were removed from the premises last month.

The documents, which were found by a local resident, were sent to both the Privacy Commissioner and Victoria’s Health Complaints Commissioner.

Under current legislation, there is no obligation for the hospital to notify the affected patients that their privacy has been breached. All this will change under the new data breach notification laws, which were passed by the Australian government last month, and are expected to come into force within the next 12 months.

This breach is a timely reminder for all businesses, government agencies and other organisations covered by Australia’s privacy laws to take stock of how they store personal information – whether it be in a filing cabinet, on a hard drive, or in a cloud – and ensure it is secure.

US Government charges two Russian spies for 2014 Yahoo data breach

By Cameron Abbott and Giles Whittaker

US federal authorities have charged 4 men – including 2 Russian spies – in relation to the massive 2014 Yahoo data breach, in which data was stolen from over 500 million Yahoo accounts.

It is speculated that the Russian government used the information obtained to conduct a range of espionage activities, including the targeting of “Yahoo trade secrets that contained, among other data, subscriber information including users’ names, recovery email accounts, phone numbers and certain information required to manually create or ‘mint,’ account authentication web browser ‘cookies’ for more than 500 million Yahoo accounts”, according to an indictment.

In addition to the above, Alexsey Belan – a 29-year-old Latvian-born Russian national – was able to steal financial information such as gift cards and credit card numbers from webmail accounts, and used the accounts to profit from commissions earned by fraudulently redirecting a subset of Yahoo’s search engine traffic.

As the frequency and severity of cyber attacks increase, Director of the FBI James Comey identified the priority “to pierce the veil of anonymity surrounding cyber crimes,” and that US national security authorities “are shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests.”

Australia’s new data breach notification laws: what they mean for you

By Cameron Abbott, Rob Pulham and Allison Wallace

Further to our blog post yesterday, we’ve prepared a summary of the implications of the Privacy Amendment (Notifiable Data Breaches) Bill 2017 that has now been passed by both houses of Parliament. Read our article here.

Update: Mandatory Data Breach Notification Laws closer to being introduced

By Cameron Abbott and Allison Wallace

As foreshadowed by the Attorney General’s Department last year, the Australian government is pushing ahead with its plan to introduce mandatory data breach notification laws, with Parliament today agreeing to a third reading of the Privacy Amendment (Notifiable Data Breaches) Bill 2016. You can find more about the proposed legislation here. We’ll keep you updated as the bill makes its way through parliament.
