Repeat hacks highlight Australia's cyber flaws / Photo: Muhammad FAROOQ - AFP
-
Resurgent Pakistan seal T20 sweep of Australia
-
Fiji top sevens standings after comeback win in Singapore
-
Alcaraz sweeps past Djokovic to win 'dream' Australian Open
-
Death toll from Swiss New Year bar fire rises to 41
-
Alcaraz says Nadal inspired him to 'special' Australian Open title
-
Pakistan seeks out perpetrators after deadly separatist attacks
-
Ukraine war talks delayed to Wednesday, Zelensky says
-
Djokovic says 'been a great ride' after Melbourne final loss
-
Von Allmen storms to downhill win in final Olympic tune-up
-
Carlos Alcaraz: tennis history-maker with shades of Federer
-
Alcaraz sweeps past Djokovic to win maiden Australian Open title
-
Israel says partially reopening Gaza's Rafah crossing
-
French IT giant Capgemini to sell US subsidiary after row over ICE links
-
Iran's Khamenei likens protests to 'coup', warns of regional war
-
New Epstein accuser claims sexual encounter with ex-prince Andrew: report
-
Italy's extrovert Olympic icon Alberto Tomba insists he is 'shy guy'
-
Chloe Kim goes for unprecedented snowboard halfpipe Olympic treble
-
Pakistan combing for perpetrators after deadly separatist attacks
-
Israel partially reopens Gaza's Rafah crossing
-
Iran declares European armies 'terrorist groups' after IRGC designation
-
Snowstorm disrupts travel in southern US as blast of icy weather widens
-
Denmark's Andresen swoops to win Cadel Evans Road Race
-
Volkanovski beats Lopes in rematch to defend UFC featherweight title
-
Sea of colour as Malaysia's Hindus mark Thaipusam with piercings and prayer
-
Exiled Tibetans choose leaders for lost homeland
-
Afghan returnees in Bamiyan struggle despite new homes
-
Mired in economic trouble, Bangladesh pins hopes on election boost
-
Chinese cash in jewellery at automated gold recyclers as prices soar
-
Israel to partially reopen Gaza's Rafah crossing
-
'Quiet assassin' Rybakina targets world number one after Melbourne win
-
Deportation raids drive Minneapolis immigrant family into hiding
-
Nvidia boss insists 'huge' investment in OpenAI on track
-
'Immortal' Indian comics keep up with changing times
-
With Trump mum, last US-Russia nuclear pact set to end
-
In Sudan's old port of Suakin, dreams of a tourism revival
-
Narco violence dominates as Costa Rica votes for president
-
Snowstorm barrels into southern US as blast of icy weather widens
-
LA Olympic chief 'deeply regrets' flirty Maxwell emails in Epstein files
-
Rose powers to commanding six-shot lead at Torrey Pines
-
BusinessHotels Launches AI Hotel Price Finder for Real-Time Rate Verification
-
Sidekick Tools Announces Upcoming Depop OTL and WhatNot Follow Features Alongside AI Updates
-
Remotify CEO Maria Sucgang Recognized as Tatler Gen.T Leader of Tomorrow
-
The Blessing of Good Fortune Is Here: Own Equity in a Lithium Mining Company - Elektros Inc. - at a Bottom-Basement Discount, Right Here, Right Now
-
Barca wasteful but beat Elche to extend Liga lead
-
Konate cut short compassionate leave to ease Liverpool injury crisis
-
Separatist attacks in Pakistan kill 33, dozens of militants dead
-
Dodgers manager Roberts says Ohtani won't pitch in Classic
-
Arsenal stretch Premier League lead as Chelsea, Liverpool stage comebacks
-
Korda defies cold and wind to lead LPGA opener
-
New head of US mission in Venezuela arrives as ties warm
NYSE - LSE
Repeat hacks highlight Australia's cyber flaws
Inadequate privacy safeguards and the stockpiling of sensitive customer information have made Australia a lucrative target in the eyes of foreign hackers, cybersecurity experts told AFP following a series of major data breaches.
Medibank, Australia's largest private health insurer, recently confirmed that hackers had accessed the data of 9.7 million current and former customers, including medical records related to drug abuse and pregnancy terminations.
Telecom company Optus fell prey to a data breach of similar scale in late September, during which the personal details of up to 9.8 million people were accessed.
Both incidents sit comfortably among the largest data breaches in Australian history.
Australian National University cybersecurity expert Thomas Haines said many companies had been hoarding personal data that they should not have been hanging on to.
"There was a famous line for a while: Data is the new oil," he told AFP.
"If data is the new oil, then we're living the era of the weekly oil spill."
Haines contrasted Australia's approach with that of the European Union, which in 2018 adopted sweeping privacy reforms limiting how organisations collect, use and store personal data.
"There have got to be incentives in place to stop companies hoarding data they don't need, or to penalise those companies for big leaks. Europe has done this," he said.
"At the moment the business incentives are basically along the lines of: Let's just keep a whole bunch of data."
Haines said Medibank appeared to be an exception, in that most of the sensitive information within its databases had been stored for good reason.
- Hacking 'for profit' -
Australia's comparatively weak safeguards against identity theft meant it was also easier to exploit stolen personal information, Haines said.
"All they need to know is your passport, your driver's licence and some other things -- and then I can start taking out loans in your name."
Haines said European countries such as Norway had much more stringent requirements involving face-to-face contact.
Dennis Desmond, a former FBI agent and US Defense Intelligence Agency officer, said most hackers were searching for particular types of data.
"For-profit hackers are going after healthcare data, they're going after identity data and credentials to access systems," he told AFP.
"There is a profit motivation there, otherwise they wouldn't be risking jail and prosecution."
The Medibank hackers this week started leaking stolen data to a dark web forum, after the company refused to pay a US$9.7 million (Aus$15 million) ransom.
The Optus breach led to the theft of customers' names, birth dates, and passport numbers.
- Russia blamed -
Australian Federal Police Commissioner Reece Kershaw on Friday blamed the Medibank cyberattack on a team of hackers based in Russia.
"We believe those responsible for the breach are in Russia," he told reporters.
"Our intelligence points to a group of loosely affiliated cyber criminals who are likely responsible for past significant breaches in countries across the world."
Medibank data leaked to the dark web so far has included hundreds of potentially-compromising medical records related to drug addiction, alcohol abuse and sexually-transmitted infections.
Home Affairs Minister Clare O'Neil conceded on Friday the country's cyber defences had not always been up to scratch.
University of Sydney data researcher Jane Andrew said one major flaw was that Australian companies were not always obliged to report data breaches.
"There are heaps of data breaches happening all the time that we don't hear anything about," she told AFP.
"Companies have been gathering data because it's seen to be valuable, without fully understanding the potential risks."
H.Thompson--AT
