Repeat hacks highlight Australia's cyber flaws / Photo: Muhammad FAROOQ - AFP
-
Newcastle manager Howe diagnosed with pneumonia
-
Alvarez bags penalty double as Atletico beat Valladolid
-
Judge to captain USA in World Baseball Classic
-
Lukaku stars as Napoli keep pressure on Serie A leaders Inter
-
Ukrainians mourn Sumy strike victims as Russia denies targeting civilians
-
Pope paves way for 'God's architect' Gaudi's sainthood
-
Harvard defies Trump demands for policy changes, risking funding
-
13 million displaced as Sudan war enters third year: UN
-
Dhoni snaps Chennai's five-match IPL losing streak
-
Meta to train AI models on European users' public data
-
Mexican president opposes ban on songs glorifying drug cartels
-
Trump blames Zelensky for 'millions' of deaths in Russian invasion
-
French prosecutor investigates as man confesses to throwing bottle at Van der Poel
-
UN warns over Gaza humanitarian crisis as France, Abbas call for truce
-
PSG's Desire Doue: Talented by name and by nature
-
Death toll from Dominican nightclub disaster rises to 231: minister
-
Phoenix Suns fire Budenholzer after missing playoffs
-
El Salvador's Bukele rules out returning migrant, in love-fest with Trump
-
Goldman Sachs profits rise on strong equity trading results
-
Zverev shakes off recent funk to beat Muller in Munich
-
Flick expects Barcelona's 'best' against Dortmund despite first-leg lead
-
'West Philippine Sea' now visible on Google Maps without specific search
-
Hungarian lawmakers back constitutional curbs on LGBTQ people, dual nationals
-
Nvidia to build supercomputer chips entirely in US for first time
-
Argentine peso depreciates after exchange controls lifted
-
Macron, Abbas call for Gaza truce as Hamas insists on guarantees
-
Kim Kardashian will testify at Paris jewellery theft trial: lawyer
-
Alcaraz hits back at critics before Barcelona Open
-
Hungarian lawmakers back curbs on LGBTQ people, dual nationals
-
Trump hosts 'coolest dictator' Bukele in migrant crackdown talks
-
Macron urges 'reform' of Palestinian Authority to run Gaza without Hamas
-
Trump's tariff exemptions give markets relief, but tensions loom
-
African players in Europe: Wissa deals blow to Arsenal
-
Stocks rise on new tariff twist
-
Emery says home fans can inspire Aston Villa comeback against PSG
-
'Miracles happen', says Kovac before uphill Barca battle
-
Russia says deadly Sumy strike hit army meeting
-
Pope recognises 'God's architect' Gaudi as 'venerable'
-
China, Vietnam sign agreements after Xi warns protectionism 'leads nowhere'
-
Italy's Olympic hope Brignone says 'four to five months' before back on skis
-
Flick has Barcelona on cusp of Champions League semis, six years on
-
Liverpool set for 'big summer' of transfers, says Van Dijk
-
Tensions flare as Algeria expels 12 French officials
-
Winter Olympics torch unveiled in joint ceremony in Milan and Osaka
-
French hospital staff, relatives sue ministers over work-related suicides
-
Music, revolution and Y2K: Coachella 2025 takeaways
-
Trump says no one 'off the hook' on tariffs but markets rise
-
Post Malone wraps Coachella with genre-fluid performance
-
Flawless Oscar, Max flounders: Bahrain Grand Prix talking points
-
UK govt races against time to keep steel furnaces running
NYSE - LSE
Repeat hacks highlight Australia's cyber flaws
Inadequate privacy safeguards and the stockpiling of sensitive customer information have made Australia a lucrative target in the eyes of foreign hackers, cybersecurity experts told AFP following a series of major data breaches.
Medibank, Australia's largest private health insurer, recently confirmed that hackers had accessed the data of 9.7 million current and former customers, including medical records related to drug abuse and pregnancy terminations.
Telecom company Optus fell prey to a data breach of similar scale in late September, during which the personal details of up to 9.8 million people were accessed.
Both incidents sit comfortably among the largest data breaches in Australian history.
Australian National University cybersecurity expert Thomas Haines said many companies had been hoarding personal data that they should not have been hanging on to.
"There was a famous line for a while: Data is the new oil," he told AFP.
"If data is the new oil, then we're living the era of the weekly oil spill."
Haines contrasted Australia's approach with that of the European Union, which in 2018 adopted sweeping privacy reforms limiting how organisations collect, use and store personal data.
"There have got to be incentives in place to stop companies hoarding data they don't need, or to penalise those companies for big leaks. Europe has done this," he said.
"At the moment the business incentives are basically along the lines of: Let's just keep a whole bunch of data."
Haines said Medibank appeared to be an exception, in that most of the sensitive information within its databases had been stored for good reason.
- Hacking 'for profit' -
Australia's comparatively weak safeguards against identity theft meant it was also easier to exploit stolen personal information, Haines said.
"All they need to know is your passport, your driver's licence and some other things -- and then I can start taking out loans in your name."
Haines said European countries such as Norway had much more stringent requirements involving face-to-face contact.
Dennis Desmond, a former FBI agent and US Defense Intelligence Agency officer, said most hackers were searching for particular types of data.
"For-profit hackers are going after healthcare data, they're going after identity data and credentials to access systems," he told AFP.
"There is a profit motivation there, otherwise they wouldn't be risking jail and prosecution."
The Medibank hackers this week started leaking stolen data to a dark web forum, after the company refused to pay a US$9.7 million (Aus$15 million) ransom.
The Optus breach led to the theft of customers' names, birth dates, and passport numbers.
- Russia blamed -
Australian Federal Police Commissioner Reece Kershaw on Friday blamed the Medibank cyberattack on a team of hackers based in Russia.
"We believe those responsible for the breach are in Russia," he told reporters.
"Our intelligence points to a group of loosely affiliated cyber criminals who are likely responsible for past significant breaches in countries across the world."
Medibank data leaked to the dark web so far has included hundreds of potentially-compromising medical records related to drug addiction, alcohol abuse and sexually-transmitted infections.
Home Affairs Minister Clare O'Neil conceded on Friday the country's cyber defences had not always been up to scratch.
University of Sydney data researcher Jane Andrew said one major flaw was that Australian companies were not always obliged to report data breaches.
"There are heaps of data breaches happening all the time that we don't hear anything about," she told AFP.
"Companies have been gathering data because it's seen to be valuable, without fully understanding the potential risks."
X.M.Francisco--PC