Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Privacy Reforms. Show all posts

Australian Government Plans Privacy Overhaul after Attacks on Multiple Organizations

 

Two weeks after the Medibank hack, the Australian government has decided to introduce legislative reforms on cybersecurity regulation that would increase penalties for companies that fail to guard customers’ personal data. 

Australia’s largest health insurer said on Wednesday a hacker accessed the data of all its 4 million customers which included personal information like names, dates of birth, addresses, and gender identities, as well as Medicare numbers and health claims. 

The malicious actor claimed to have extracted nearly 200GB of files and has provided 1,000 records to the insurer to prove they have the data claimed. The hacker also threatened to leak the diagnoses and treatments of high-profile customers if the insurer fails to pay the ransom. 

According to the Health insurer, its priority was to discover the specific data stolen in relation to each customer and to share that information with those customers. 

The company had previously said the breach was thought to be limited to its subsidiary AHM and foreign students. 

“Our investigation has now established that this criminal has accessed all our private health insurance customers' personal data and significant amounts of their health claims data,” Medibank chief executive David Koczkar stated. This is a terrible crime – this is a crime designed to cause maximum harm to the most vulnerable members of our community.” 

Legislative reform 

Cyberattacks on Optus, Medibank, and MyDeal have forced the Australian government to introduce legislative reforms on cybersecurity regulation. Last month on September 21, the hackers stole the personal data of almost 10 million current and former customers of Optus, the country’s second-biggest telecom. 

Two weeks later, the hackers targeted MyDeal, an online retail intermediary that lost the data of 2.2 million customers. 

“As the Optus, Medibank, and MyDeal cyberattacks have recently highlighted, data breaches have the potential to cause serious financial and emotional harm to Australians, and this is unacceptable. Governments, businesses, and other organizations have an obligation to protect Australians’ personal data, not to treat it as a commercial asset,” Attorney-General Mark Dreyfus stated during the introduction of amendments to the Privacy Act to Parliament. 

The government is keeping a close eye on firms that collect more customer data than necessary to make money from it in ways unrelated to the services for which the information was provided. The penalties for serious breaches of the Privacy Act would increase from 2.2 million Australian dollars ($1.4 million) now to AU$50 million ($32 million) under the proposed amendments, Dreyfus added.