Deloitte data breach in September has ongoing consequences in a month where an estimated 55 million records were compromised in data breaches

November 2, 2017

In late September this year Deloitte was the target of a successful, sophisticated cyber attack which compromised client emails and confidential data of its clients, many of which are significant organisations. As is commonly the case with major data breaches, the impact of the breach is not immediately known. Often it requires a review to determine the extent of the breach. It is not uncommon for hackers to remain undetected for weeks and sometimes months as they access data and decide what to steal or leak. Deloitte’s breach was much larger than originally thought, affecting the emails of 350 clients, among which were US Government agencies, including a server hosting emails for the US departments of state, energy, homeland security, and defense, the United States Postal Service, the National Institute of Health and the federally guaranteed mortgage companies Fannie Mae and Freddie Mac. The reputational damage to Deloitte has been immense, not least because it and the other big 3 accounting firms market themselves as experts in consulting in data storage, data security and compliance with privacy laws.

According to itgovernance in “List of data breaches and cyber attacks in October 2017 – 55 million records leaked”, October was a bad but not untypical month in terms of data breaches, which affected a broad range of companies. There were financially inspired attacks such as Read the rest of this entry »

Commonwealth Parliament’s Joint Committee of Public Accounts and Audit report into Cybersecurity Compliance makes for melancholy reading about the poor data security of frontline Commonwealth Departments

October 31, 2017

Last week the Joint Committee of Public Accounts and Audit released its long awaited report into Cybersecurity Compliance. It is a valuable report which makes clear that the Committee “gets it” as far as the need to maintain proper cyber security by agencies which are increasingly reliant on data being stored, used and disclosed online by their users. The Committee was also frank in its assessment that key agencies are falling down in this regard. For those practicing in this area that comes as little surprise. There remains a poor cyber security and privacy culture in Read the rest of this entry »

US President looking to increase commercial use of drones. A taste of things to come.

October 30, 2017

Notwithstanding the seeming chaos and drama swirling around the White House last week there was some business being done.  As is the case with every administration.   Notably the President issued a Presidential Memorandum to the Secretary of Transportation titled Unmanned Aircraft Systems Integration Pilot Program.

Previously U.S. companies have faced tight rules regarding the use of drones including to protect Americans from potential harm. In the Presidential Memorandum the Secretary for Transportation has been directed to create a pilot program within 90 days that would effectively loosen regulations around drone usage in an “innovation zone”.  In that zone users can Read the rest of this entry »

Confidential legal files found in accessible bin in a public place highlights a poor data security culture.

Law firms are a particularly attractive target for hackers. Legal offices usually hold a rich trove of clients’ confidential information, banking details and data from third parties such as witnesses and experts, which provides enough personal information for identity theft. Last week the Telegraph reported on a law firm in Bermuda being hacked and clients’ sensitive data being accessed. Today’s Age in “Dozens of confidential legal files found dumped outside Melbourne law firm” reports on Read the rest of this entry »

X v Twitter Inc [2017] NSWSC 1300 (28 September 2017): equity, injunction regarding tweets, confidential information, Norwich Orders.

October 29, 2017

In X v Twitter Inc [2017] NSWSC 1300 the Supreme Court of New South Wales, per Pembroke J, issued a final injunction regarding a post on Twitter. In doing so the Court considered in detail the scope and operation of injunctions on Twitter, a platform with much of its operations located outside Australia.

FACTS

Between 16 and 19 May the first offending tweets appeared [6], with the author of the tweets using a Twitter handle that falsely adopted the name of the plaintiff’s CEO.

On 19 May, the plaintiff’s solicitors wrote to Twitter Inc:

  • drawing attention to the tweets,
  • the offending information contained in them and
  • the user’s impersonation of the plaintiff’s CEO.
  • requesting Twitter Inc to:
    • remove the offending material from the Twitter website;
    • to deactivate the ‘fake’ user’s account;
    • to take all other steps available to it to prevent the user from publishing further confidential information on the Twitter website; and
    • to provide the identity and contact information of the user.

Twitter responded Read the rest of this entry »

Cresswell v Cresswell [2017] VSCA 272 (28 September 2017): specific performance, agreement, contract and equity and procedural fairness

October 19, 2017

The Victorian Court of Appeal in Cresswell v Cresswell [2017] VSCA 272 upheld a decision from the County Court which ultimately revolved around procedural fairness and a fair trial.  It also highlighted the importance of clear pleadings.

FACTS

The facts revolve around land and unfortunately arrangements between family members that went awry.  Not an unusual situation which often enough gives rise to litigation.

The Applicants are the parents of the Respondent and his sister, Tamarand [1].

Prior to 30 November 2001, the Applicants and the Respondent and Tamarand agreed, at [2], that: Read the rest of this entry »

Reported instance of revenge porn attracting attention but little in the way of consideration of necessary reform to privacy law

October 11, 2017

The Age’s report Police investigate topless photo of woman wearing Richmond premiership medal seems to be an egregious, but not isolated example of the distribution of sexually explicit images without the depicted person’s consent.  It is commonly described as revenge porn though the report does not make it clear that revenge is the intent with the forwarding of a photograph of a topless female wearing an AFL premiership medal.  The report does Read the rest of this entry »

Release of the Australian Cyber Security Centre’s 2017 Threat Report

October 10, 2017

Today the Hon Dan Tehan launched the Australian Cyber Security Centre’s (ACSC) 2017 Threat Report at the National Press Club. Threat reports are now quite common throughout developed economies by both governments and specialist security companies.  The results are in line with other overseas reports both in terms of increasing attacks, greater sophistication and ransomware becoming a particularly challenging problem.

In his speech Tehan highlighted an example of a contractor in the security industry suffering a data breach in November 2016.  That has resulted in Read the rest of this entry »

Attorney General announces Security of Critical Infrastructure Bill 2017 to deal with cyber security threats

The Attorney General today announced that it will introduce into Parliament a bill to give powers to the Minister to issue directions to mitigate national security risks.  Clearly this relates to the ongoing and increasing threat posed by cyber attacks.  It has released an exposure draft bill for comment until 10 November.

Some notable provisions of the Bill Read the rest of this entry »

Bauer Media to appeal Wilson v Bauer Media Pty Ltd [2017] VSC 521

October 9, 2017

It was always on the cards that Bauer Media would appeal its loss in Wilson v Bauer Media Pty Ltd [2017] VSC 521. And today Bauer Media announced that it was appealing the quantum of the damages.  Just inside Read the rest of this entry »