Tag:security

1
Deloitte hack: Big four cyber-security advisor takes a hit
2
Equifax data breach: 143 million records exposed but senior executives not told immediately?
3
Gartner: Worldwide spending on information security to reach $93 billion in 2018
4
The police are reading … a lot … more than half a million times last year
5
Old-school data breach sees hospital investigated
6
Privacy Commissioner investigates alleged sale of telco customer information
7
Have I been pwned?
8
Bitcoin operators exposed to cyber threats
9
Lawyers potential rich targets for hackers
10
Was Mickey Mouse hacked?

Deloitte hack: Big four cyber-security advisor takes a hit

By Cameron Abbott and Olivia Coburn

“Big four” accounting and consulting firm Deloitte revealed on Monday that it was targeted by a hack that exposed its email system and client records.

Although Deloitte has not yet provided details on the full extent of the breach, it confirmed that the information accessed includes confidential emails and plans of some of its blue-chip clients. It also said that “very few” clients were affected.

Read More

Equifax data breach: 143 million records exposed but senior executives not told immediately?

By Cameron Abbott and Olivia Coburn

Equifax has joined Yahoo on the podium for the award no one wants: suffering one of the largest data breaches in history.

Equifax, one of the three largest US credit reporting agencies, announced last week that it suffered a cybersecurity incident potentially impacting 143 million US consumers –  a figure comprising of roughly 55 per cent of Americans aged 18 years or older. Some UK and Canadian residents are also affected.

Read More

Gartner: Worldwide spending on information security to reach $93 billion in 2018

By Cameron Abbott and Olivia Coburn

Global spending on information security products and services will reach $86.4 billion this year, according to US-based technology research and advisory firm Gartner, Inc.

This figure is an increase of 7 per cent over 2016, and is expected to grow to $93 billion in 2018.

Read More

The police are reading … a lot … more than half a million times last year

By Cameron Abbott and Edwin Tan

News Corp reported today that law enforcement agencies accessed the private data of Australian individuals about 541,300 times during the past 12 months. This is an estimated increase of about 60 percent compared to the previous year.

This is in addition to the Australian Federal Police (AFP) confirming on Friday that an officer had accessed phone records without a warrant earlier in the year. No action was taken against the officer.

The 2015 amendments to the Telecommunications (Interception and Access) Act 1979 (Cth) made it mandatory for telecommunications companies and internet service providers to retain metadata. This metadata can be accessed without a warrant by 21 government agencies, including the AFP.

However, journalists’ telecommunications data cannot be accessed by agencies without first obtaining a “Journalist Information Warrant”. An agency must apply to a Federal Court judge or a nominated Administrative Appeals Tribunal member to be granted the warrant.

The breach has sparked calls for an independent and public inquiry into the AFP, with Senator Nick Xenophon calling the incident “a complete failure with no real explanation”.  Not the last we will hear about this issue we think.  Read more about this here.

Old-school data breach sees hospital investigated

By Cameron Abbott and Allison Wallace

While health institutions around the world work to secure patients’ personal information and prevent the hacking or leaking of data from their systems, one Melbourne hospital is being investigated after medical records were found lying in a gutter in a nearby street.

Fairfax Media reports Australia’s Privacy Commissioner Timothy Pilgrim is investigating how the paper records of 31 patients of the John Fawkner Private Hospital were removed from the premises last month.

The documents, which were found by a local resident, were sent to both the Privacy Commissioner, and Victoria’s Health Complaints Commissioner.

Under current legislation, there is no obligation for the hospital to notify the affected patients that their privacy has been breached. All this will change under the new data breach notification laws, which were passed by the Australian government last month, and are expected to come into force within the next 12 months.

This breach is a timely reminder for all businesses, government agencies and other organisations covered by Australia’s privacy laws to take stock of how they store personal information – whether it be in a filing cabinet, on a hard-drive, or in a cloud – and ensure it is secure.

Privacy Commissioner investigates alleged sale of telco customer information

By Cameron Abbott and Allison Wallace

Australia’s Information and Privacy Commissioner Timothy Pilgrim is making enquiries into allegations that the personal information of customers of three Australian telcos is being sold online.

Fairfax uncovered an alleged rort involving ‘corrupt insiders’ at the offshore call centres of Telstra, Optus and Vodafone, which has allegedly seen details including customers’ addresses, dates of birth and billing statements leaked to at least one private company in India, which is then allegedly selling the information for up to $1000.

Commissioner Pilgrim has said in a statement that he is working to determine what further action may need to be taken.

All three telcos have also released statements, reiterating that they take the privacy of their customers seriously. Vodafone and Optus have met with the AFP, which has now passed the matter on to Indian authorities.

Have I been pwned?

By Cameron Abbott and Rebecca Murray

Information security blog {ride the lightning} has featured Troy Hunt’s “Have I been pwned” website which identifies whether your online account has ever been compromised in a data breach when you enter your account’s login ID.

Troy Hunt describes himself on his website as a Microsoft Regional Director, a Microsoft Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight. While we don’t know much about his site, it is reported to be safe and provides a very handy tool to determine if you have been unknowingly hacked. Of course, even if the site is legitimate, who is to say it won’t be breached? It’s just that it’s so useful.

See if you have been pwned here…and yes…we both have been.

 

Bitcoin operators exposed to cyber threats

By Cameron Abbott and Rebecca Murray

Reuters has reported that a third of bitcoin trading platforms have been hacked, and nearly half have closed since they entered the scene 6 years ago. This increasing risk for bitcoin holders is compounded by the fact there is no depositor’s insurance to absorb the loss. That approach heightens cybersecurity risks and also exposes the fact that bitcoin investors have little choice but to do business with under-capitalized exchanges.

This issue was evident when Bitfinex was hacked earlier this month and an estimated $70 million in bitcoin was stolen. The virtual bank’s customers were forced to share the losses resulting in a generalized loss percentage of 36.067%. Read our blog post on this hacking here.

Experts say trading venues acting like banks such as Bitfinex will remain vulnerable. These exchanges act as custodial wallets in which they control users’ digital currencies like banks control customer deposits. However, unlike their brick-and-mortar counterparts, when customers’ bitcoin accounts are hacked, there is currently no third party that can step in to deal with the theft. As a result, these underfunded exchanges require nearly perfect security.

Given this it is not surprising that certain governments around the world are exploring the possibility of central bank issued digital currencies using distributed ledger technology which could compete with the private digital currency systems such as bitcoin. Read more on this here.

Lawyers potential rich targets for hackers

By Cameron Abbott and Rebecca Murray

As the threat of cybercrime and cyber espionage continues to grow globally, the Law Council of Australia has announced that it will launch a national cyber security information campaign for the legal profession this year. Read the Law Council’s media release here.

The Law Council has been working in partnership with the legal profession, cyber security experts, and government to formulate the information initiative since it nominated cyber security as a key priority at the beginning of the year. Launch of the campaign is expected by the end of 2016.

The president of the Law Council, Stuart Clark, says cyber security is a ‘major problem’ for law firms and the government has an important role to play in raising awareness and providing information about the technology involved. We say, we like teasing large global companies about their security failings … as long as it’s not ours!!

Was Mickey Mouse hacked?

By Cameron Abbott and Rebecca Murray

Disney Interactive has notified users of its Playdom Forum that hackers have stolen personal information, which could put their privacy and online security at risk. The hackers acquired usernames, email addresses, and passwords for playdomforums.com accounts as well as IP addresses. Disney has not disclosed how many users have been affected, although the forum is said to have over 350,000 members. Read Disney Interactive’s statement here.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.