This was published 1 year ago

Five data breaches in six months hit millions of Australians

By Nick Bonyhady

Three data breaches in the second half of last year compromised the private information of millions of Australians in addition to the enormous Medibank and Optus cyberattacks that triggered public outrage.

Figures released on Wednesday by the Office of the Australian Information Commissioner show five breaches affected between 1 million and 10 million people between July and December.

Criminal intrusions were responsible for most privacy breaches. Credit: iStock

The figures do not name the entities breached or the exact size of the incidents but confirm a sharp rise in major cyberattacks and privacy breaches. The total number of incidents reported to the commissioner was up 26 per cent over the previous period, while the number of breaches that affected more than 5000 Australians rose 67 per cent to 40.

Along with Medibank and Optus, Woolworths subsidiary MyDeal disclosed a breach affecting an estimated 2.2 million people in October last year. The breaches could also have been at overseas companies and affected Australians.

Criminal attacks accounted for 70 per cent of breaches, with the rest a result of problems such as human error and system faults. The healthcare, finance, insurance, professional services and recruiting industries reported the most breaches, in that order.

Data breaches have to be reported to the commissioner’s office when a company, group or government entity loses control of personal information in a way that is likely to result in serious harm that cannot immediately be remediated.

Commissioner Angelene Falk said organisations should be auditing the amounts of data they have on people as a key step in avoiding serious hacks. “This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.”

Her office’s report noted the increased number of incidents disclosed could also be a product of greater awareness that breaches have to be reported.

The federal government has increased fines since the Optus and Medibank breaches last year and is considering banning paying ransoms or requiring them to be reported, to stop Australia being a honeypot for hackers.

Falk said there was “merit in exploring” those proposals but stopped short of endorsing them.

Australian businesses’ cybersecurity obligations come from a host of different laws policed by different regulators, which a review published on Monday suggested the government could simplify.

However, Falk cautioned that those efforts should not detract from the purposes those different laws serve, which range from protecting the dignity of Australians when embarrassing personal information is leaked to stopping threats to critical infrastructure, and preserving competition in the economy.

Speaking at an industry forum with Falk, Shannon Sedgwick, a partner at legal and consulting firm MinterEllison, said cyber issues were being carved out of forms of professional insurance.

He said one contact had likened it to “renting a jet ski in Bali. If you crash it, you’re going to pay for it.”

Original URL: https://www.brisbanetimes.com.au/link/follow-20170101-p5coi9