Massive data breach exposes personal information of German politicians.

January 5, 2019

Data breaches of any personal information is a serious matter. The misuse of personal information can financially affect a person whose information is used for identity theft and it can have a massive impact on an organisation that suffers a data breach.  A sub set of data breaches is where the target is a public figure.  There the motivations are generally not financial.  The aimed impact is reputational and  humiliation. It can also be used to cause disruption, as was the case recently in Germany where there has been a massive hacking attack which has resulted in personal data of hundreds of German politicians have been accessed and then leaked over Twitter.  This has been reported by Wired in  A Major Hacking Spree Gets Personal for German Politicians, Reuters in German politicians’ data published online in massive breach and the Australian in Angela Merkel hit in massive data hack attack.  The focus of these breaches are to humiliate and embarrass.  The breach is a particularly pernicious form of politics.  It is curious that Read the rest of this entry »

My Health Records suffered 42 data breaches in 2018 and problems with data entry

December 31, 2018

My Health Records can be seen as a legislative process, the enactment of legislation, the implementation of a public policy initiative, placing people’s digital records on line, and a salient lesson in how not to legislate and implement an initiative.  The implementation of the My Health Records scheme has been fraught and is a complete mess as far as privacy and cyber security is concerned.  The legislation had to be amended to assuage privacy concerns, which were at best quick fixes, and the opt out period was extended.

And the problems keep on coming.  The Fairfax Press reports that there have been 42 data breaches in 2018.  Meanwhile the Herald Sun reports that wrong data has been entered into the My Health Record system.

The Herald Sun report Read the rest of this entry »

Nova Entertainment has data breach involving personal information of up to 250,000 listeners..Novas’ approach more evasive than transparent

December 28, 2018

Nova Entertainment has announced that it has “publicly disclosed” a “legacy dataset” involving personal information (of listeners presumably) collected in the period May 2009 – October 2011.  It does not say when the breach occurred or how the breach occurred.

The statement provides:

Nova Entertainment has recently become aware that a legacy dataset containing information collected from our listeners during the period from May 2009 to October 2011 has been publicly disclosed.

We are in the process of notifying individuals affected by this incident of the steps they can take to prevent any potential misuse of their information. Read the rest of this entry »

Facebook’s terrible year continues with exposure of 6.8 million users photos

December 17, 2018

For Facebook, even more so than Google, 2018 was an annus horribilis, at least on the reputational and branding front.  Wired reports that for Facebook had a bug in September which let third party developers to view photos of 6.8 million Facebook users whether they were shared photos or not.

This of course comes on the back of Read the rest of this entry »

Google’s ambivalent regard for privacy begins to catch up with it…

December 12, 2018

As if the Australian Competition and Consumer Commission report on Digital Platforms Inquiry wasn’t enough of a shot across Google (and others) bow Google has had to admit that Google Plus has had another, as in repeat, privacy flaw.  In October Google admitted a privacy flaw which had affected about half a million Google Plus profiles in the fortnight prior to fixing that problem.  Google admitted that the accounts had been exposed in March 2018.  The flaw was very significant, being the exposure of user’s names, email addresses dates of birth, profile photographs and occupations (amongst other details) to third party app developers through an API Bug.  An API, application programming interface, is a set of  is a set of subroutine  definitions , communication protocols, and tools for building software.  It allows the creation of applications which access the features or data of an operating system, application or other service.    On 10 December 2018 Google admitted to another bug which has affected Google Plus, potentially allowing 52 million user’s personal information to be accessed by third party apps and developers without permission. Google claimed that the flaw was introduced with a software update.  That in and of itself bespeaks as lack of competence.  The problem is Read the rest of this entry »

ACCC releases preliminary report on Google, Facebook and Australian news with significant recommendations on privacy law

December 10, 2018

Nature abhors a vacuum.  That truism tends to apply, eventually, in law as in the natural world.  Gaps in the law that are not filled by regulations are, often with baby steps, attended to by the courts.  Similarly a failure by one regulator to attend to its garden will often find another regulator, with aligned interests, stepping in to carry the weight.  And it is that last circumstance that applies with the ACCC’s preliminary report into Google, Facebook, Australian News and advertising.  Amongst the  11 preliminary recommendations the ACCC proposes at recommendations 8 – 10 increasing privacy protections by amendment to the Privacy Act 1988 to improve notification requirements, strengthening consent requirements, enabling the erasure of personal information, enabling a person to bring an action for breach of the Privacy Act and introducing an action for serious invasion of privacy.  The Information Commissioners’ Office has Read the rest of this entry »

Marriott suffers data breach involving personal information of 500 million guests

December 2, 2018

The size of data breaches are moving to levels where the numbers begin to be detached from easy comprehension.  According to IT Governance as at 27 November 2018 the total of known leaked records in November was 251,286,753.  That however was prior to Read the rest of this entry »

A timely article on political parties and the Privacy Act

November 27, 2018

The ABC in Political parties may know a lot more about you than you think has undertaken a neat, informative though hardly ground breaking piece on how political parties hoover up masses of personal information without any need to comply with the Privacy Act 1988.  Because they are exempt from the operations of the Privacy Act.  It is a topic that has been covered from time to time in the past, recently in Australia should strengthen its privacy laws and remove exemptions for politicians.

This exemption has been a longstanding flaw, among the many other flaws, of the Act.  It has been a flaw that both major political parties have Read the rest of this entry »

Australian Defence Contractor Austel suffers data breach

November 3, 2018

Austel, one of Australia’s main defence contractors has suffered a data breach.  It notified the Australian Securities Exchange last Thursday night.  The notice to the ASX is found here.  Unlike US notices it’s focus is on being vague on critical details and expansive on the impact, it says not much, and what it is doing in response, it says plenty.

The Notice states:

Austal Limited (ASX:ASB) advised that its Australian business has detected and responded to a breach of the company’s data management systems by an unknown offender.
Austal referred this matter to the Australian Cyber Security Centre (ACSC) and the Australian Federal Police who have provided ongoing assistance and advice. Austal Australia’s Information Systems and Technology (IS&T) team have restored the security and integrity of the company’s data systems and have implemented, and continues to implement, additional security measures to prevent further breaches. A small number of stakeholders who were potentially directly impacted have been informed.
The data breach has had no impact on Austal’s ongoing operations. Austal’s business in the United States is unaffected by this issue as the computer systems are not linked.
No company wants to lose control of its information, but there is no evidence to date to suggest that information affecting national security nor the commercial operations of the company have been stolen: ship design drawings which may be distributed to customers and fabrication sub – contractors or suppliers are neither sensitive nor classified.
Some staff email addresses and mobile phone numbers were accessed and these staff members have been informed accordingly. The Office of the Australian Information Co
mmissioner will be involved as required.
Following the breach the offender purported to offer certain materials for sale on the internet and engage in extortion. The company has not and will not respond to the extortion attempts.
Austal cannot provide any additional information at this time

The statement, anodyne as any I have seen, confirms that the hacker attempted an extortion attempt.  What the report does not state but the Australian does is that the attack took place two weeks ago and involved the loss of 100 gigabytes of data. There is another report that the material was accessed over a month ago.  The Australian’s reports that Read the rest of this entry »

Report of drone used to invade privacy coincides with New Zealand Government review of regulation of drones

October 31, 2018

There is no dilema or delay in the technical development of drones, the common term for remotely piloted aircraft systems or unmanned aerial vehicles (UAVs).  There is however huge delays and significant dilemas by legislatures on how to respond to the legal challenges with the misuse of drones and what regulation is required.  In October 2016 the Senate’s Rural and Regional Affairs Transport References Committee conducted an enquiry on Regulatory requirements that impact on the safe use of Remotely Piloted Aircraft Systems, Unmanned Aerial Systems and associated systems.  The Committee tabled its report on 31 July 2018 with almost no fanfare.  And deservedly so.  It is a narrowly focused, quite technical and limited report focused on the use of drones and rather than the broader issues which affect not only the use of the drones but the impact they have on others.

In New Zealand there is a report of a drone being used to interfere with a persons’ privacy and as a means to scope out a home before burglaring it.  Coincidentally the New Zealand government is Read the rest of this entry »