We have witnessed several breaches of personal data over the past weeks that have affected many Australians. These breaches include the Optus and Zynga breaches. We’ve also seen guidance provided by the Office of the Australian Information Commissioner about what constitutes “serious harm”.
Optus telco breach
Almost 10 million Australians’ personal information was compromised in a cyber attack on the second-largest telecommunications provider, Optus. This attack is just the latest in a string of attacks on telecommunications providers.
The attack on Optus came after a similar attack on Telstra. In both cases, the attackers used underground forums to distribute and copy data sets. In the Telstra case the attacker claimed to be able to access similar data from National Australia Bank. However, NAB said that the data did not include customer banking information.
The Optus attack retrieved 20,000,000 database records from two databases. The company claimed that the attackers didn’t have access to payment details or passwords of account holders. However, the company advised customers to monitor their accounts and to look out for unusual activity.
Optus has not yet confirmed how the intruders gained entry to its consumer database. The company believes that the attack was orchestrated by an outside source. Optus CEO David Osborne says it is too early for the company to pay a ransom.
However, customers could bring class action suits against the company if they do.
The Optus data breach has made identity fraud possible. The company has warned customers to watch out for opportunistic scams and to monitor their accounts for any unusual activity.
The attack is being investigated by the Australian government. Optus has been asked by the government to notify its customers about the breach as soon as possible. Customers were warned by the Australian Competition and Consumer Commission of possible fraud attempts. The government also proposed changing telecommunications regulations.
Optus has been working closely with police to prevent future breaches. The company has also been participating in damage control exercises. The company contacted the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC). It has also spoken to former and current customers.
The Optus hack has been accompanied by a flurry of angry customer messages. The company has urged people to be careful when sending and receiving email. It also advised customers to change their online passwords regularly and to keep an eye on their accounts for unusual activity.
Zynga data breach
Zynga, the social game developer, disclosed a massive breach of its data that affected tens of millions of users earlier this year. The breach exposed passwords and usernames, email addresses, phone numbers, and even financial information.
The breach is the biggest in Australia’s history. According to the Australian Cyber Security Centre, the breach is a reminder of the dangers of doing business online, as well as the need for all organisations to have adequate policies and procedures in place.
Data breaches have been discovered at several of Australia’s most important organisations. One of the biggest is the Australian Red Cross Blood Service. Personal details of guests were also exposed due to a security breach at a luxury Tasmanian casino group and hotel.
According to reports, the large cache of leaked data includes 21,222,975 unique passwords. Gnosticplayers is believed to have taken the trove.
According to the company, a threat actor had hacked into their systems and written code to steal personal information. The data trove includes usernames, passwords and two types of dates.
Zynga said that they didn’t offer credit monitoring services to victims and did not offer any additional protection to customers who felt their personally identifiable information was compromised. They also stated they don’t have any two-factor authentication.
A Zynga spokeswoman stated that they could not estimate how large the breach was and that it was not clear what data was at risk. Zynga has not yet confirmed the extent of the breach. However, they are currently investigating the matter. The company said that they would provide further information after the investigation is complete.
Have I Been Pwned, a website that monitors data breaches, has ranked the Zynga data breach as the second largest in the world, following the MySpace breach. According to the site, the Zynga data breach was the largest in Australian history. It also claimed that it was a “huge wakeup call” for corporate Australia.
The Australian Government is pushing for new data breach notification laws. These rules will require banks to notify customers as soon as a cyber attack is detected. The rules will also require that banks implement better procedures to oversee suspicious activity.
Privacy breaches in the health sector
Data breaches can have a serious impact on a company’s reputation and the lives of staff members and patients. They can also lead to hefty litigation costs and regulatory fines.
Health Engine is one recent example of a breach in health data. The company revealed that 59,600 pieces of feedback from patients had been compromised. Concerns have been raised about the possibility of future attacks on patient data for political gain. It also revealed that health data can be used in a range of crimes, from medical fraud to identity theft.
There are several ways to protect health information from cyberattacks. These measures can include encryption, secure messaging systems, and password-protected emails. Health entities must also ensure that sensitive information is protected by regularly reviewing their log entries to identify unusual use.
The OAIC also has a guide on health privacy that organisations can use to understand their obligations under the Privacy Act 1988. It is designed for the implementation of good privacy practices in health services organisations.
Health data breaches could affect the relationship between patients and their providers, and they can also affect the organisation’s reputation and financial health. Additionally, health information is worth more than credit card numbers.
The OAIC also publishes statistics on data breaches, and recently released its latest report.
It outlines the 83 data breaches that were reported during the first half of 2021. It also confirms that health service providers are the ones reporting the most data breaches on a quarterly basis.
The OAIC works with health sector stakeholders to improve cybersecurity awareness. The office has also provided professional advice on data breach prevention strategies.
The health sector is an attractive target for hackers, as they can access and exploit highly sensitive personal data. This information is valuable to identity thieves as well as medical fraudsters. Cyber security threats are also unique in that health information can be sold up to 20x faster than other types of data.
There are many factors that can enable data breaches in the health sector. These include weak internal controls, a lack of cybersecurity awareness, and increased technology use. However, this does not mean that healthcare providers are incapable of protecting themselves.
OAIC guidance for serious harm
The OAIC guidance on serious harm addresses the assessment of the seriousness of a data breach. This includes whether there is a real danger of serious harm to those involved. Serious harm could include financial, reputational, or physical or emotional harm. The OAIC defines serious harm as where a “reasonable person would believe a data breach could cause significant harm to the individual.”
The OAIC will consider a variety of factors when determining whether the breach was serious. If the data breach is of significant public interest, the OAIC may require the respondent to take specific steps to protect the individuals involved.
The OAIC guidance on serious harm provides some good advice about data breach notification. It recommends that organisations notify the OAIC within 30 days of a breach. This is a practical deadline. It can be extended depending on the type of breach. It recommends that you conduct a Privacy Assessment if there have been any changes in how the data is being processed.
Additionally, organizations should have a plan in place for responding to incidents.
The plan should describe how the organization will respond in an incident and how it will implement that plan. It should also include a list of applicable laws. Organizations must also keep the plan updated. To encourage alignment and awareness, they must also develop a centralized dashboard.
In addition, the OAIC has a form that can be used to report an eligible data breach. The form is available in Word format. When filling out this form, organizations should consider what information is being provided, who has been notified, as well as the extent of any harm. The OAIC may direct the publication of the notification or may ask the respondent to engage an independent adviser to investigate the breach.
In addition, the OAIC may seek to apply a fine to the organization or individual responsible for a breach. The fine can be up to AUD 2.1 million (EUR 1.3 million) for each individual affected by the breach. The OAIC can also apply for a criminal penalty for bodies corporate engaged in a pattern of conduct.