Our lunch and learns we focus on the most recent cyber security attacks and data breaches.
With bad actors becoming increasingly smarter in their attack methods, cyber security awareness around previous hacks is more crucial than ever!

Optus suffered from a major cyber attack which lead to a class action has been brought against Optus and OAIC (Australian Information Commissioner) opened an investigation against them.

OPTUS CYBER ATTACK
TYPE OF ATTACK: PII data breach
CAUSE: misconfigured APIs
IMPACT: 10 million people’s PII records compromised

During a massive data breach, personal details of 9.8 million Optus customers were stolen, including names, dates of birth, phone numbers, email and home addresses, driver's license numbers (not card numbers), and passport numbers. To cover the cost of the breach, Optus has allocated $140 million.

In an effort to assist the most affected customers, Optus has offered to pay for a one-year subscription to Equifax Protect, a credit monitoring and identity protection service. The primary concern for customers is the potential for impersonation or identity theft.

An individual, aged 20, took advantage of the breach by sending scam text messages to at least 92 Optus customers. Utilising data obtained from the breach, the perpetrator demanded $2000 and made threats of further financial crimes.

In an update on the situation, a class action has been initiated against Optus, and the Australian Information Commissioner (OAIC) has opened an investigation into the matter. The OAIC will receive an additional $5.5 million over two years for its involvement in responding to the Optus data breach. Their investigation will focus on whether Optus took reasonable measures to safeguard personal information and if their data collection practices were necessary and aligned with privacy principles.

Furthermore, the government has expedited reforms to the Privacy Act, increasing the maximum penalty for serious breaches to at least $50 million. The amendments encompass higher fines for breaches, a reinforced notifiable data breaches scheme, enhanced enforcement powers for the OAIC, and improved information sharing arrangements.

[ Ссылка ]
info@cisonline.com.au

свернуть