Lloyd’s estimates that an extreme cyber attack could result in losses of up to $121 billion

July 23, 2017

Lloyd’s has published a report titled Counting the Cost in which it estimates that the potential economic impact of a hypothetical malicious hack on a cloud service provider, and of attacks on vulnerable computer systems run by businesses around the world, could be as high as $53bn and $28.7bn respectively. A cloud service disruption scenario, because of the uncertainty around aggregating cyber losses, could result in losses as high as $121bn, or Read the rest of this entry »

Culve Engineering Pty Ltd v Apollo General Engineering (Aust) Pty Ltd (in liq) [2017] VSCA 182 (7 July 2017): power to make a substitution order, exercise of discretion, Rule 9.09 of the Civil Procedure Rules

The Victorian Court of Appeal in Culve Engineering Pty Ltd v Apollo General Engineering (Aust) Pty Ltd (in liq) [2017] VSCA 182 considered the scope and operation of Rules to permit a substitution order being made.


The third applicant, Sandra Cerrato, was the executrix of the deceased estate of her father, Rocco Cerrato who . Mr Cerrato died on 14 August 2014 [1]. Prior to and in 2010 Mr Cerrato was a director of the first applicant, Culve Engineering Pty Ltd (‘Culve Engineering’), the second applicant, Tena Denham Nominees Pty Ltd (‘Tena Denham’), and the first respondent, Apollo General Engineering (Aust) Pty Ltd (in liquidation) (‘Apollo’) [2]. Ms Cerrato was joined as a defendant to this proceeding in her capacity as executrix in substitution for her father by an order made by an associate judge on 18 September 2015. She and the other applicants unsuccessfully appealed that decision to a judge in the Trial Division [3].

Prior to 21 April 2010 Apollo carried on Read the rest of this entry »

Federal Trade Commission halts company that used information in loan applications to sell personal information to third parties wanting leads for their own business purposes for the pu

July 20, 2017

It is almost embarrassing to say that data is big business. Personal information is the wheat that is separated from the digital chaff. The Federal Trade Commission issued a complaint against Blue Global Media in what was an egregious program of getting consumers to fill out loan applications and on-selling that data, including personal information and sensitive information, which in the US context includes social security number and credit card details, to parties willing to pay for leads. As is commonly the case the FTC Read the rest of this entry »

Ashley Madison data breach results in $11.2 million settlement

July 15, 2017

The Ashley Madison breach of 2015, when 25 gigabytes of data, including personal information, was accessed and stolen, was one of the biggest breaches to that date. It also resulted in huge embarrassment for users of the Ashley Madison website and major reputational damage for Ashley Madison. Not only did it Read the rest of this entry »

Royal Free London NHS Foundation Trust enters into undertaking because of the breach of the Data Protection Act in turning over sensitive medical data of around 1.6 million patients to DeepMind

The UK Information Commissioner’s Office (the “ICO”) has its detractors; however, as a regulator it has been far more energetic than its Australian equivalent. The legislative structure is different, as is the resourcing. The UK Data Protection Act provides more scope for enforcement action and the penalties can be swingeing. That said, the approach taken by the ICO in adopting both an educational approach, the carrot, and high profile and tough regulatory action, monetary penalty notices, highlights a difference with the Office of the Information Commissioner, which has been all about the education and very little about the enforcement. That has had a deleterious effect on privacy and data protection compliance in Australia.

The ICO took action against the Royal Free London NHS Foundation Trust for failing to Read the rest of this entry »

US National Institute of Standards and Technology releases draft Application Container Security Guide

The National Institute of Standards and Technology (“NIST”) has released a draft of its Application Container Security Guide. While the NIST is an American agency its guides have Read the rest of this entry »

Data breaches at Flight Centre and elsewhere…the excuse “Human Error” seems to be more acceptable than system faults..really?

The passport details of Flight Centre customers have been released to third parties who were working with Flight Centre in developing business products. The extent of the breach, in terms of the number of passport holders’ personal information being leaked and what exactly was released to the unauthorised party, has not been disclosed. That level of opaqueness in notification tends to be typical in Australia but much less so in the United Kingdom and the United States. Curiously, Flight Centre stresses that human error, rather than a systems failure, was the cause of the breach. As if that makes it better or less serious. The Privacy Act Read the rest of this entry »

Sheales v The Age & Ors [2017] VSC 380 (29 June 2017): defamation, damages where reputation not put in issue, mitigating and aggravating factors

July 6, 2017

After a 6 day trial a jury found for the plaintiff in the defamation proceeding of Sheales v The Age & Ors [2017] VSC 380.  The Court awarded damages in the sum of $175,000.  The current maximum amount awardable for non-economic loss is $381,000.


The Plaintiff, Sheales, is a Victorian barrister practising mainly in criminal law and sports law. The Third Defendant, Patrick Bartley, was a journalist who wrote an article about the Plaintiff’s appearance before a Racing Victoria stewards’ hearing on 2 August 2015. An issue before the stewards’ hearing that day concerned the alleged use of the chemical element cobalt by the plaintiff’s clients [1]. Fairfax Digital Australia and New Zealand Pty Ltd, the second defendant, published the article online. The first defendant, The Age Company Pty Ltd, the owner and publisher of The Age newspaper, published the article, with some small differences, on 3 August 2015 [2].

The Plaintiff alleged that he had suffered injury to his professional reputation and feelings, had been humiliated, embarrassed or Read the rest of this entry »

Medicare numbers available on the dark web

July 4, 2017

The theft of personal information and subsequent sale on the internet, the “darknet” to be more dramatic, is common, lucrative and, because of poor privacy and cyber security policies and protections by many organisations, an increasingly attractive way for criminals to make money. It is not necessary to obtain credit card or bank details. Official identifiers like social security numbers have intrinsic value. Which is why the report of Medicare numbers being sold online is Read the rest of this entry »

Anthem Inc, America’s largest health insurance company, settles litigation over hack of 79 million people’s accounts for $115 million

June 24, 2017

Reuters reports in Anthem to pay record $115 million to settle U.S. lawsuits over data breach a resolution of a class action arising out of a massive data breach of 79 million individuals’ personal information.

The Plaintiffs’ website announced that the court will consider the settlement on Read the rest of this entry »