Peter A Clarke

The focus of reporting on data breaches is on the personal information which is taken, potentially to commit fraud and the distress that others have that information without permission.  What is less reported is the potentially catastrophic effect data breaches may have on an business’ prospects, if not survival.  

In the United States Retrieval – Masters Creditors Bureau filed for Chapter 11 bankruptcy protection after it suffered a data breach in March.  The fallout from the data breach has been described as creating a “cascade of events” with led to the bankruptcy.  In Australia the Australian Financial Review (AFR) has reported that Landmark White is considering a full or partial sale of its business as it suffers a liquidity crisis caused by its second suspension by its lender clients.  In both cases the Read the rest of this entry »

Amongst the big 4 tech giants in their own given areas, Microsoft, Google, Facebook and Apple, Apple has made the strongest public stand on protecting its users privacy.  It too a stand as a civil rights issue in protecting privacy when in in 2016 when it refused to assist the FBI in in cracking a password on an iphone owned by a terrorist.  That included fighting the FBI in the Federal Court.

Facebook’s recent pivot to a privacy friendly future with the statement A Privacy-Focused Vision for Social Networking in March has been treated with some scepticism when the Guardian recently reported that Zuckerberg knew of poor privacy practices associated with the Cambridge Analytica scandal.  The evidence, emails uncovered by the Federal Trade Commission in its investigation as to whether Facebook has breached a 20 year consent decree, which it almost certainly has.  Facebook has reportedly set aside $3 billion in anticipation of a record fine from the FTC though the figure could be as high as $5 billion.  Today Facebook through Read the rest of this entry »

Earlier this month the Australian National University suffered a data breach, see my post here.  Now the Fairfax press reports in Australian Catholic University staff details stolen in fresh data breach that the Australian Catholic University has suffered a data breach where personal information has been stolen.  The hackers Read the rest of this entry »

Recordings of outtakes and studio sessions from Radio Heads OK Computer album have been released by Radio Head to thwart the thieves or hackers who obtained a copy held by band member Thom Yorke.  The villains wanted a ransom or they would be released according to the Fairfax Press in ‘Hacked the hackers’: Radiohead releases 18 hours of ‘stolen’ OK Computer sessions.  So Radio Head rendered the threat meaningless and released the material.  The release is not free, costing 18 pounds so is not an altruistic gesture.  The next turn is the villain’s, does he (it is usually a he) or they release the material for free, thereby reducing Radio Head’s revenue.  It wouldn’t completely Read the rest of this entry »

Organisations and agencies that collect and use personal information have a chronic problem of staff accessing that information without authorisation.   It is a very significant problem in the health industry with staff looking into the health records of celebrities; George Clooney in 2007, of Brittany Spears in 2008, Michael Jackson’s health records in 2011 and Kim Kardashian in 2013 to name a few. Last year 2 staff members at the Ipswich Hospital were reprimanded and one sacked for accessing Ed Sheeran’s health records relating to his treatment for a writs injury caused by a bicycle accident.  These instances are a fraction of the breaches of this nature that occurs. The breaches rarely come to light because the organisations notify those whose personal information have been compromised.  And they are only occasionally notified to the regulator. 

A case of snooping that was reported to the regulator resulted in a successful prosecution. In the United Kingdom unauthorised access of personal information is criminal offence. The UK Information Commissioner successfully prosecuted a former customer services officer at Stockport Homes who unlawfully accessed personal data, being anti social behaviour cases 67 times in 2017.  The breaches were Read the rest of this entry »

The Australian National University has had a very serious data breach.  Not just that a hacker or hackers breached its data security and accessed personal data, collected over a 19 year period, but that it started late in 2018 and was only detected two weeks ago.  That happens.  Sometimes hackers can remain in a system for years.  That may be a reflection on the sophistication of the attackers but it is more often a reflection on the adequacy of the organisation. 

This is second data breach in less than a year.  That bespeaks a real structural and governance problem with data security.  What also happens when data breaches like this happen is the data handling practices of the organisation come under the spotlight.  And ANU will have, or at least should have, a few questions to answer. Apart from the obvious about Read the rest of this entry »

Financial institutions and health care facilities are by far and away the most attractive and attacked sites for hackers.  Accessing personal information to permit access and transfer of funds from financial institutions are an obvious attraction.  Health facilities as a matter of course collect names, addresses, dates of birth, insurance information, government identifiers and often times credit card information.  That accumulation of data in one place, which depressingly is what health facilities usually do, permits a hacker to sell that information on the dark web or embark on identify theft himself (most hackers, based on evidence to date, being male).

Westpac has suffered a data breach as reported in Almost 100,000 Australians’ private details exposed in attack on Westpac’s PayID.  The aim and partial success was to access personal information to later use to commit acts of fraud.

There are three interesting aspects to the story.  The first is that details of the attack became public only because someone close to or in Westpac, NPP or both posted details as an item of interest on Whirlpool.  The Second is that the attack highlightgs the vulnerability of apps and other services designed for quick and easy use of banking facilities.  There is often a trade off, at least in the developers mindset, of ease of use and protection from hacking.  Apps are often weak links in data security.  The third issue is Read the rest of this entry »