Category: Awareness

Last Week 22 – 28 May: Only one published data handling breach in the media last week. An interesting trend with data handling and internal data disclosure (via poor access control) being reported.

Last Week Ending 15 May: No publicly disclosed incidents this week, but a lost of coverage of the budget and discussions around the upcoming changes to the Privacy Act from the OAIC. A great resource that I have subscribed to (its free) is Lexology https://www.lexology.com/ , I have it provided a filtered feed of Australian legal and legislative news..

Last Week 15 – 21 May: Three new breaches, Ambulance Victoria internally exposing private medical results, TechnologyOne had its Microsoft 365 environment compromised, then the Medusa ransomware group demanded $100k with 7 days to pay from the Crown Princess Mary Cancer Centre. Fire Rescue Victoria dispatch system five months later trying to get the system fixed…. The federal budget cyber new and a boost for privacy. review of the Privacy Act released, and joint AU/ZN privacy investigation into Latitude breach.

Last Week 01 – 07 May: Two incidents were reported in the press this week. Amnesty International Australia’s report on a breach from December has some interesting notes surrounding the “serious harm” clause of the Australian Breach Notifications rules. HWL Ebsworth Lawyers is a good reminder for Privacy Week about excessive storage and encryption of PII data.

Last Week 24 – 30 April: With the extra free time I’ve rummaged through state government audit agencies sites looking for recent audits. I’ve added two from Western Australia and once from the best state Queensland. They are worth reading to remind us that independent audits are a valuable tool (ISO 27002 5.35 Independent review of information security). Have a great Privacy Awareness Week.

Reports from 17th April – 24th April: Last week TAFE SA incident where police in an unrelated investigation “found” a USB stick full of student registration and identity documents. A report from ASIC “ASIC’s report flagged inconsistencies in dealing with scams between Australia’s big four banks as a major issue” and the banking industries response makes good reading. Hopefully, it will drive a few changes.

Reports from 10th April – 17th April: Last week the deeps of the Latitude (Coles and GEMoney) and Tasmanian Government (GoAnywhere) breaches kept the news feeds busy. Another insider unauthorised access incident led to criminal charges relating to kidnapping. The general themes of stories we third-party risk management and unnecessary retention of data.

Reports from 3rd April – 9th April: More publicly reported breaches increasing the trend we are seeing this year now that the general media sees some new value in these stories. Canberra Health Services and Australian National Maritime Museum were both Insider Threat jobs (one fraud, the other unauthorised access and disclosure). Both are good reminders to tighten up your related internal controls. Tik Tok ban, Operation Cookie Monster and GoAnywhere are among the stories of the week.

Very busy week on the breach reporting front and generally more press coverage of all things cyber. The Latitude breach’s extent revealed over 14 million records stolen. It is still to be revealed if the Tasmanian Government File-Sharing breach was part of the GoAnywhere series