Massive data breach is a ‘wake-up call’ for Australia

All the major Australian newspapers carried the same words in capital letters this weekend: “We’re so sorry.” The sender was telecommunications company Optus, which has apologized for a data breach that exposed privacy-sensitive information of 9.8 million customers. It has been called the largest data breach in Australian history.

The drama started over a week ago. Australia’s second largest telecom operator noticed suspicious network traffic and warned customers that data such as names, dates of birth, addresses, email addresses and phone numbers of current and former customers had been stolen. Nearly three million people are particularly vulnerable to identity theft because their driver’s license and passport numbers have also been leaked.

A few days later, the data of ten thousand customers was put up for sale on the dark web. A self-proclaimed hacker demanded a ransom of $1 million. Shortly after, the hacker changed his mind and apologized. The data was removed again, but the damage was done: the data had been copied and is still circulating on the web. Last Friday, the Australian police announced a special operation to protect victims. The FBI is also involved.

Incomplete information

Nearly 40 per cent of the Australian population may be victims of the data breach, and it is causing chaos. Assistance has so far been flawed and uncoordinated, leaving victims feeling left to their own devices. More than a week after the news was announced, not all affected customers had been informed. “I had to read in the newspaper that there was a data breach. I still haven’t heard from Optus,” Charo DeVere (69) said. She has spent days trying to change all her passwords and trying to change her driver’s license number.


DeVere is a businesswoman and calls herself “tech savvy”. But this does not apply to all affected customers. “I have friends who call me in a panic because they don’t know what to do. I try to help them, but it takes too long,” she says.

There is a lot of speculation about how this happened and who is behind it. The company and the police have not confirmed anything yet. Shortly after the first reports of the leak, CEO Kelly Bayer Rosmarin ate humble pie and apologized at an emotional press conference. “This was an advanced attack. I can’t say more than that, except that we are very sorry.”

Poor security

But there is mounting evidence that the data was poorly secured. The company seems to have left the digital back door wide open. The weak point is believed to be an API (application programming interface), an interface used to exchange data, which provided access to the data of millions of Australians.

Clare O’Neil, Minister for Cyber Security, has criticized the telecommunications company. “This was not an advanced attack. I am very concerned about the possibility of a fairly minor hack of a major telecom provider in our country,” she told ABC.

Cyber security experts agree. “If the hacker obtained the information through an insecure API, the theft would be very simple indeed,” Alastair MacGibbon of security firm CyberCX told the newspaper The Age. In fact, requesting the data would have been so easy that the theft would not formally count as a hack.

Reputational damage

The fact that the data was apparently up for grabs caused massive damage to the carrier’s reputation. It doesn’t help that the ransom demand was strikingly low, which may say something about the hacker. One million US dollars is one of the lowest amounts ever demanded in a large-scale data theft. On social media, people joked that the hacker resembled Dr. Evil from the Austin Powers movies, who doesn’t realize that a million dollars isn’t a lot of money these days. It is unclear why the hacker changed his mind. Optus says it has not paid any ransom.

The storm of criticism is not only targeting the carrier; Australia’s inadequate privacy laws and regulations are also under scrutiny. The Privacy Act dates back to 1988, and the fines for companies that carelessly handle customer data are very low. “The maximum fine that we can impose for violating our privacy laws is US$2.2 million. This is a drop in the ocean for a huge company like Optus,” said Cyber Security Minister O’Neil.

Higher fines

That’s why experts believe Australia should introduce the same kind of regulations that have been in place in Europe for some time. Lawyer Tony Song of the University of New South Wales argues for the introduction of the EU’s “gold standard” for data protection. “The fines should be much higher, not only for criminals who steal data, but also for companies that collect our data,” he says.

Minister O’Neil acknowledges that current legislation is insufficient. “We’re probably a decade behind,” she told ABC. More than a year ago, a new cybersecurity law was introduced, but it does not apply to telecom companies. The minister wants to change that. “At the time, the telecoms companies said they were so good at cybersecurity that there was no need to worry. This is clearly not the case.”

Prime Minister Anthony Albanese has expressed support for tougher regulations. “This is a huge wake-up call,” Albanese said. He wants Optus to pay for new passports and driver’s licenses for affected customers. The company has already promised to do so.

Victims like Charo DeVere are now considering legal action against the company. In addition, DeVere hopes that the government will keep its promise to provide better protection for citizens. “They’ve made quite a stir now, because it suits them politically. I still have to see whether this really changes anything.”
