This week has seen Australians exposed to a pair of significant incidents that may have led to personal data being disclosed. Earlier this week, we learned that a couple of years ago the Commonwealth Bank lost backup tapes containing a decade of bank statement data pertaining to about 12 million customers. And, this morning, we learned that Twitter had an internal process failure leading to the usernames and passwords of 300 million users being stored in plain text. What can we learn from these incidents to inform our own incident response?
Tagged With data breach
The Commonwealth Bank, one of several large institutions on the back foot over how they treat customers in the Banking Royal Commission, has revealed that they lost the details of 12 million customers as the result of a contractor losing a stash of tape drives. Those drives contained banking statements for customers from 2004 to 2014.
The National Data Breach (NDB) reporting system has been in operation since February and the Office of the Australian Information Commissioner (OAIC) has released their first quarterly report that covers the new reporting regime. Unsurprisingly, the number of breaches reported is way up on previous periods, with human error a significant issue.
It's becoming increasingly clear that Facebook has never faced a scandal like the one it's currently fighting through. Revelations over the weekend about its reckless sharing of user data sent its stock price plunging on Monday, and fresh calls for regulations on the social media network are looking more real than ever.
Australia's new Notifiable Data Breaches (NDB) scheme comes into effect today. If you fall under the broad swathe of organisations that need to comply with the Privacy Act, then the NDB applies to you. But if you've not been paying attention and haven't been preparing for this, don't panic. You can get yourself moving towards being prepared.
The United States Senate has been looking into last year’s breach at credit rating agency Equifax. They’ve sent a letter to Equifax’s interim CEO, Paulino de Rego Barros Jr, saying the company provided the Congress with misleading, incomplete or contradictory information. Among the Senate’s accusations are the allegations that the scope of the breach was understated, that the breach was the result of a series of failures and that the aftermath was botched.
If you had any doubts that criminals were investing in technology, then this will allay those concerns. By aggregating the data from over 250 separate breaches, cybercriminals have created an easily accessed and usable treasure trove with 1.4 billion clear text log-in credentials, according to security researchers 4iQ. If you're in the habit of reusing your credentials, then this aggregated, interactive database, which lets criminals query and receive responses in under a second, should have you worried.
Precedent, the company that was contracted to provide services to the Red Cross Blood Bank, has been liquidated. Although the company managed to keep trading for well over a year following revelations that a staff member placed confidential data on a publicly-facing server, reports say their work pipeline dried up following the breach.
The recently revealed Uber data breach, which resulted in 57 million customer and 600,000 driver data records being leaked, has seen the leadership ranks of the company's security team gutted. Chief Security Officer Joe Sullivan was fired and his Chief of Staff Pooja Ashok, senior engineer Prithvi Rai and Sullivan's most senior manager Jeff Jones have all resigned.
It has been revealed that Uber was the victim of a cyber-attack that resulted in the personal data of 57 million customers being exposed. And if that wasn't bad enough, it is also being reported that the company paid the hackers $100,000 to keep quiet and delete the data. Under European and Australian laws that will come into effect next year, that $100,000 is small fry compared to the millions of dollars it could cost them.
No doubt you've Googled yourself at least once to see what comes up (or to see what embarrassing photos and blog posts you need to purge from the web before your boss finds them). While doing a search for yourself might yield some predictable results -- your LinkedIn page, any mentions of you in the local paper, obituaries for other people with the same name -- a conversation with a friend on the topic of data breaches led me to search for something I rarely need to find: my own iCloud email address.
Last week's Medicare number leak is a prime example of what can happen when an employee or other trusted party with systems access turns rogue. In truth, if just 80 or so Medicare numbers have been purchased, as has been widely reported, then Medicare has got off lightly. But how big a deal are internal threats? And can we do anything about them?
Yahoo just announced that it was the victim of a devastating state-sponsored hack that resulted in the personal data of half a billion users being breached. If you're a Yahoo user, your account may have been compromised.
The rumours were true; Dropbox was hacked back in 2012 and customer login credentials were compromised. It has now been revealed that over 68 million Dropbox usernames and passwords were stolen. This massive security breach happened because a Dropbox employee reused his account password on other websites. Read on for more details and for lessons that can be learned from this mega breach.