June 17, 2019
Earlier this month the Australian National University suffered a data breach; see my post here. Now the Fairfax press reports, in “Australian Catholic University staff details stolen in fresh data breach”, that the Australian Catholic University has suffered a data breach in which personal information has been stolen. The hackers Read the rest of this entry »
Posted in General
June 12, 2019
Recordings of outtakes and studio sessions from Radiohead’s OK Computer album have been released by Radiohead to thwart the thieves or hackers who obtained a copy held by band member Thom Yorke. The villains wanted a ransom or the recordings would be released, according to the Fairfax Press in “‘Hacked the hackers’: Radiohead releases 18 hours of ‘stolen’ OK Computer sessions”. So Radiohead rendered the threat meaningless and released the material. The release is not free, costing 18 pounds, so it is not an altruistic gesture. The next turn is the villain’s: does he (it is usually a he) or do they release the material for free, thereby reducing Radiohead’s revenue? It wouldn’t completely Read the rest of this entry »
Posted in General
June 4, 2019
Financial institutions and health care facilities are by far and away the most attractive and attacked sites for hackers. Accessing personal information to permit access to and transfer of funds from financial institutions is an obvious attraction. Health facilities as a matter of course collect names, addresses, dates of birth, insurance information, government identifiers and often credit card information. That accumulation of data in one place, which depressingly is what health facilities usually do, permits a hacker to sell that information on the dark web or embark on identity theft himself (most hackers, based on evidence to date, being male).
Westpac has suffered a data breach, as reported in “Almost 100,000 Australians’ private details exposed in attack on Westpac’s PayID”. The aim, partially successful, was to access personal information for later use in committing acts of fraud.
There are three interesting aspects to the story. The first is that details of the attack became public only because someone close to or in Westpac, NPP or both posted details as an item of interest on Whirlpool. The second is that the attack highlights the vulnerability of apps and other services designed for quick and easy use of banking facilities. There is often a trade-off, at least in the developers’ mindset, between ease of use and protection from hacking. Apps are often weak links in data security. The third issue is Read the rest of this entry »
Posted in General, Privacy
May 29, 2019
Leaks from government are as old as government itself. Leaks serve a myriad of purposes: foreshadowing a decision, undermining opponents or their plans, acting as a stalking horse to gauge public opinion and being a straw man that can be used to kill off a measure that is uncomfortably close to being announced, just to mention a few. Leaking of plans, discussions, decisions made or not made and strategies is rarely seen as edifying, and is often treated as something a little icky, but it is universally seen as a legitimate tool in the black bag of political tricks. It is also often quite effective, killing off proposals and sometimes political careers. Leaking personal information is something else, however. Which is why yesterday’s story about the leak of motorists’ details being linked to a New South Wales Minister’s office is so serious. The leak was of a spreadsheet containing the personal information of hundreds of motorists which found its way into the hands of a journalist. The genesis of the breach is Read the rest of this entry »
Posted in General
April 10, 2019
The Information Commissioner announced, on 8 April 2019, that she does not have the power to investigate a complaint about a breach of the Privacy Act by Tim Wilson or Wilson Asset Management (International) Pty Ltd in relation to the collection and use of personal information through the ‘stoptheretirementtax.com’ website. The website and the collection of data caused some controversy. In “Tim Wilson’s ‘retirement tax’ website doesn’t have a privacy policy. So how is he using the data?” Andre Oboler, in a traditional academic “on-the-one-hand-and-on-the-other” analysis, raised the complications of determining whether a Parliamentarian operating a website falls within the political exemption provisions of the Privacy Act or is covered by parliamentary privilege, by virtue of his work as chair of the Standing Committee on Economics, either of which would deny the Commissioner jurisdiction. The other coverage, such as “Liberal MP Tim Wilson faces ‘breach of privacy’ claims” and “Labor pushes to refer Tim Wilson to privileges committee”, is more red-blooded political reporting.
Mr Oboler was prescient Read the rest of this entry »
Posted in Commonwealth Privacy Commissioner, General, Privacy
April 1, 2019
Facebook has a tendency to advocate vague improvements to its privacy policies and call for improved and stronger regulation after some or other egregious privacy breach or oppressive monopolistic act is uncovered. In the last year Facebook has been battered by the Cambridge Analytica scandal, clear evidence of its platform being used by foreign players to influence elections and a seemingly regular stream of less dramatic but no less worrying privacy breaches. Facebook’s standard response to such problems has been a combination of virtue signalling and getting on board the reform wagon so as to moderate its outcomes. In early March Zuckerberg described the move to private messaging as being his “pivot to privacy” in communications. After the briefest of analyses it was ridiculed and seen to be more about presentation than product, according to the Wire’s “Facebook’s Pivot to Privacy Is Missing Something Crucial”, Forbes’ “Facebook’s Fake Pivot To Privacy” and Slate’s “Facebook’s Awkward Pivot to Privacy”.
Mark Zuckerberg’s reported very recent call for a “more active” role for government regulation in internet privacy and election laws has a similar feel of a polished response to criticism. Except that the complaints are long lasting and the potential for action by governments is real. The last edition of the Economist highlighted the steps being taken by the Europeans, a huge market, against Facebook and Google, amongst others, for their privacy-unfriendly practices. And those steps are not confined to Europe. American legislators are, for the fourth time, considering more comprehensive privacy laws or trust-busting action.
So while there is reason to be sceptical about Facebook’s motives, the pressure on Facebook and Google is such that there may be actual improvement.
And there should be, given the impact of the privacy breaches in Australia with Read the rest of this entry »
Posted in General, Privacy
March 13, 2019
In A’la Carte Homes Pty Ltd v AAPD CO P/L [2019] VSC 108 the Supreme Court, per Randall AsJ, set aside a statutory demand. The key issue was the failure to describe the assignment of a debt in the statutory demand or accompanying affidavit.
FACTS
The application was made under ss 459G, 459H and 459J of the Corporations Act 2001 (Cth). The orders sought were Read the rest of this entry »
Posted in General, Insolvency, Supreme Court of Victoria
February 27, 2019
Following hot on the heels of the ransomware attack on the Melbourne Heart Group last week, the Fairfax Press reports on 3 separate attacks, on the Catholic Archdiocese, TelstraSuper and Toyota, with varying degrees of success.
While the targets are high profile here, which makes for interesting reading, the reality is that ransomware attacks are becoming Read the rest of this entry »
Posted in General
January 31, 2019
Itgovernance compiles monthly records of data breaches and works out, often from the victims of the data breaches, the number of records leaked. In January 2019 it concluded that 1,769,185,063 records were accessed. That figure is eye-wateringly large, and even if the Collection#1 breach, which involved 772,904,991 records from historic data breaches, is not taken into account, it still means just under a billion records were affected.
And into this environment of steadily more effective cyber attacks and generally inadequate protections the Australian My Health Records system will now opt in the records of about 17 million Australians. The legislation has flaws, the system has bigger flaws and the experience overseas is that these centralised digitised health records are failures. Seven Thirty did a very interesting report on the MyHealth Record system.
Posted in General
The biggest difference between consumer goods and apps is that consumer goods generally go through quality control checks, compliance with standards and review by regulators before being sold to the public, while apps are focused on getting some new or improved feature for whatever system out as quickly as possible without any external review or control. The rationale seems to be that consumer goods that are defective can harm, while apps are cool and even when they don’t work, what harm do they do?
Apps are often released with design flaws and commonly require patching and all manner of fixes. The recent rush by Apple to fix its Group FaceTime highlights this approach to product development. The defect permitted a person who hadn’t accepted a call through FaceTime to nevertheless be heard. The flaw also permitted third party access to iPhone and iPad microphones and video camera feed.
Posted in General