Is Australia Under Siege by Cybercriminals?
Top of mind for many Australians right now is cyber security. With so many incidents happening in Australia – and around the world identity theft, fraud and extortion are becoming a sad reality for many people.
First and foremost is the Optus data breach that’s impacted 9.8m people. With an Aussie population of 25.9m in March 2022 – this cyber incident has impacted at least 37% of the nation. There are still so many questions about this incident that are unanswered.
And the potential of massive ID theft is very real. There are many unresolved questions about how this happened, the specific data compromised for individual customers, and why former customers who closed their Optus accounts many years ago had their information stolen too, and much more.
Even after many weeks, current and former Optus customers are reporting difficulties in getting details about what was stolen, much less getting assistance with replacing stolen credentials and putting in place ID protection – particularly for former clients who in many cases cancelled accounts years ago and no longer have relevant details.
Last week Medibank detected suspicious IT activity and immediately took steps to stop what appeared to be an unsuccessful ransomware attack. However, as of this writing, Medibank has received “messages from a group that wishes to negotiate regarding their alleged removal of customer data.”
Initially, the criminal provided records for 100 policies (which in some cases included sensitive medical data), and the incident was being investigated by the AFP as crime.
Even more ominously, on the evening of 25 Oct 2022, Medibank announced that their cybercrime investigation has now established that the criminal had access to:
- All ahm customers’ personal data and significant amounts of health claims data
- All international student customers’ personal data and significant amounts of health claims data
- All Medibank customers’ personal data and significant amounts of health claims data
We still don’t know the magnitude of highly sensitive personal and health claims data the criminal has stolen (v accessed). And Medibank expects that the number of affected customers could grow substantially.
Given that health insurance policies tend to cover families – not just individuals – this has the potential to have an even larger impact than the nearly 4 million Medibank members who took out policies, so it remains to be seen just how bad this will be.
Just over a week ago Woolworths Group’s online retailer MyDeal confirmed that 2.2m customers had information compromised in yet another data breach. Apparently, the MyDeal customer data accessed included customer names, email addresses, phone numbers, delivery addresses, and in some instances, the date of birth of customers (who have previously been required to prove their age when purchasing alcohol). The company claims that “for 1.2 million customers involved in the breach only their email addresses were exposed.” But as of this writing, no further info has been made public about this breach.
At approximately the same time, online wine seller Vinomofo disclosed a major data breach in which an intruder accessed customers’ personal information including names, dates of birth, addresses and contact details. Fortunately (in the scheme of the above-mentioned massive data breaches), the company claims about 500,000 customers. Apparently, stolen customer data from Vinomofo has appeared for sale on a Russian-language cybercrime forum.
Australian Federal Police
Even the Australian Federal Police (AFP) has been stung by a massive data breach. Apparently, classified documents and emails from the Colombian government exposed agents working to stop international drug cartels from operating in Australia. Reports say that details of 35 AFP operations were exposed.
Identity Theft Risks
With all of the other breaches that are also happening here and across the world, the risk of massive ID Theft continues to grow. Criminals combine information available on the dark web into extensive profiling databases that can be used to attack individuals with fraud and companies with ingenious social engineering ploys.
IDCare provides support for those impacted by these massive data breaches, and has a special web page for Medibank customers – that also has very good general information.
The Australian Cyber Security Centre is part of the Australian Signals Directorate, and is the official portal for reporting cyber crimes, scams, and gaining general information.
Data Breach Fines Set to Increase
In the wake of this spate of data breaches, the Australian Government is now seeking to increase fines for massive data breaches to a minimum of $50 million, three times the value of the benefit obtained through misuse of data, or 30 per cent of a company’s adjusted turnover in the relevant period.
I hope this is enacted into law – the sooner the better. And in a best case scenario for these super breaches, applied retroactively as well – if it’s proven that inadequate security was the root cause of the breach.
Too many companies ignore even basic cyber security, and these breaches serve as the “wake-up” call to put in place proper protection.
Understanding the Changing the Digital World
Our future is changing. With the massive increase in our reliance on digital technologies since the start of COVID, there has been a corresponding increase in cyber crime, which many companies and individuals are not prepared for. We need to do a lot more to protect ourselves, which will require investment in educating ourselves (as individuals and companies) about current and emerging threats, and taking actions to put in place the best possible cyber security measures at work and home.
In addition to deploying multi-layered cyber security, companies will likely use Artificial Intelligence, pattern recognition and biometrics to help protect our identity in the future. These technologies might not be widespread in the corporate world for client identification yet, but they’re likely to be part of our future to assist in protecting us. And, companies will increasingly rely on AI to help keep their operations safe from ransomware and other attacks.
As a leading futurist keynote speaker, I’m available to assist your firm with internal and external speeches + consulting to help your firm identify both current and emerging cyber threats.
The digital world is getting more dangerous by the day. Even with good planning for known attack vectors, there are so many emerging technologies that are about to become mainstream, which while providing many benefits, can also be abused. Understanding likely threats before they happen will enable your organization to plan for the future.