Repeat hacks highlight Australia's cyber flaws / Photo: © AFP
-
Henry the hero as New Zealand level England series in style
-
Britain's King Charles to reveal personal tax bill: Palace
-
Gill to skipper India against England, Kohli to play if fit
-
France presses ahead with street music festivals despite extreme heat
-
UK's Starmer mulling 'political realities': senior minister
-
England's Stokes and Atkinson withdrawn from county games ahead of 3rd Test
-
France presses ahead with music festivals despite extreme heat
-
Ukrainian strikes on Russian-annexed Crimea kill 4, pause fuel sales
-
Springboks recall 'outstanding' Papier for Nations Championship
-
US, Iran set for talks as Lebanon conflict threatens deal
-
Bezzecchi out of Czech MotoGP after slapping steward
-
Spain target convincing win to dispel World Cup doubts
-
FIFA draws criticism as Infantino clocks up air miles at World Cup
-
Curacao keeper Room jokes he deserves statue after World Cup heroics
-
Japan stroll to victory over Tunisia in World Cup's 1,000th game
-
Pakistan's mango exports shrink as Middle East war impacts linger
-
Trump blames 'terrible vandals' for Washington pool renovation woes
-
Iran World Cup travel restrictions to be eased, says coach
-
Man charged over suspected anti-Muslim attacks in Edinburgh
-
Room heroics earn Curacao World Cup point against Ecuador
-
Britain's King Charles to reveal personal tax bill: reports
-
New mindset, prior win give Clark confidence at US Open
-
Fly-half Love ready for All Blacks start after Super Rugby heroics
-
Scheffler eager to seize the moment as career slam beckons
-
Saudis seek to repeat Argentina World Cup 'miracle' against Spain
-
Clark leads by six at US Open as Scheffler charges
-
Nagelsmann says Germany has higher ambitions than advancing to knockout stage
-
Los Angeles under state of emergency due to warehouse fire
-
US and Iran set for new talks after delay and deadly strikes
-
'Fired up' Spain ready to hit back, says De la Fuente
-
Germany into World Cup last 32 after late comeback, Dutch thrash Sweden
-
Germany come from behind to beat Ivory Coast and reach World Cup last 32
-
Albanian protests against Trump-linked resort swell
-
Clark clings to US Open lead as Scheffler charges
-
Burn dons cowboy boots as England unwind at World Cup
-
Miotti kicks Montpellier past Stade Francais into Top 14 final
-
France's Saliba says playing through the pain at World Cup
-
Iran says Hormuz closed as US-Iran deal falters over Lebanon
-
Counter-terror cops probe suspected anti-Muslim 'attacks' in Edinburgh
-
Bagnaia scorches to Czech MotoGP sprint victory, Bezzecchi suspended
-
Clark begins with bogey as McIlroy charges at US Open
-
Bolivia declares state of emergency, deploys military to quell protests
-
Specter of military escalation hangs over Colombia vote
-
Heavy metal: French town hosts medieval combat cage fights
-
Jamieson strikes as New Zealand eye series-levelling win despite Root heroics
-
Dutch swat Sweden as Germany, Ivory Coast eye World Cup knockout rounds
-
Netherlands thump Sweden in Houston to get World Cup liftoff
-
Scheffler opens with bogeys while McIlroy pars at windy US Open
-
Jamieson strikes as New Zealand eye series-levelling win against England
-
Brazil turn corner but tougher World Cup tests await
Repeat hacks highlight Australia's cyber flaws
Inadequate privacy safeguards and the stockpiling of sensitive customer information have made Australia a lucrative target in the eyes of foreign hackers, cybersecurity experts told AFP following a series of major data breaches.
Medibank, Australia's largest private health insurer, recently confirmed that hackers had accessed the data of 9.7 million current and former customers, including medical records related to drug abuse and pregnancy terminations.
Telecom company Optus fell prey to a data breach of similar scale in late September, during which the personal details of up to 9.8 million people were accessed.
Both incidents sit comfortably among the largest data breaches in Australian history.
Australian National University cybersecurity expert Thomas Haines said many companies had been hoarding personal data that they should not have been hanging on to.
"There was a famous line for a while: Data is the new oil," he told AFP.
"If data is the new oil, then we're living the era of the weekly oil spill."
Haines contrasted Australia's approach with that of the European Union, which in 2018 adopted sweeping privacy reforms limiting how organisations collect, use and store personal data.
"There have got to be incentives in place to stop companies hoarding data they don't need, or to penalise those companies for big leaks. Europe has done this," he said.
"At the moment the business incentives are basically along the lines of: Let's just keep a whole bunch of data."
Haines said Medibank appeared to be an exception, in that most of the sensitive information within its databases had been stored for good reason.
- Hacking 'for profit' -
Australia's comparatively weak safeguards against identity theft meant it was also easier to exploit stolen personal information, Haines said.
"All they need to know is your passport, your driver's licence and some other things -- and then I can start taking out loans in your name."
Haines said European countries such as Norway had much more stringent requirements involving face-to-face contact.
Dennis Desmond, a former FBI agent and US Defense Intelligence Agency officer, said most hackers were searching for particular types of data.
"For-profit hackers are going after healthcare data, they're going after identity data and credentials to access systems," he told AFP.
"There is a profit motivation there, otherwise they wouldn't be risking jail and prosecution."
The Medibank hackers this week started leaking stolen data to a dark web forum, after the company refused to pay a US$9.7 million (Aus$15 million) ransom.
The Optus breach led to the theft of customers' names, birth dates, and passport numbers.
- Russia blamed -
Australian Federal Police Commissioner Reece Kershaw on Friday blamed the Medibank cyberattack on a team of hackers based in Russia.
"We believe those responsible for the breach are in Russia," he told reporters.
"Our intelligence points to a group of loosely affiliated cyber criminals who are likely responsible for past significant breaches in countries across the world."
Medibank data leaked to the dark web so far has included hundreds of potentially-compromising medical records related to drug addiction, alcohol abuse and sexually-transmitted infections.
Home Affairs Minister Clare O'Neil conceded on Friday the country's cyber defences had not always been up to scratch.
University of Sydney data researcher Jane Andrew said one major flaw was that Australian companies were not always obliged to report data breaches.
"There are heaps of data breaches happening all the time that we don't hear anything about," she told AFP.
"Companies have been gathering data because it's seen to be valuable, without fully understanding the potential risks."
H.Seidel--BTB
