Latest news with #Optus
ABC News
2 days ago
- ABC News
Experts say forcing companies to delete data would remove cybercrime 'honey pot '
Giving Australians the right to force the removal of their personal details from company databases would help combat the growing impact of mass data theft, experts say. More than 25 million customer accounts have been exposed in just three cyber attacks involving major companies in Qantas, Optus and Medibank. University of Queensland cyber security expert Ryan Ko says the number of Australians exposed to the risk of cybercrimes such as identity fraud or extortion is "increasing by the day". "There's no way you can tell how the leaked information is going to be used," he said. Professor Ko says there is no end in sight to these mass data heists. He says that is because highly-organised and opportunistic cybercriminal gangs — some of them state-backed — are well-placed to sniff out the weaknesses of most Australian companies whose "current practice and governance structures [are] not set up to be cyber-resilient". This is despite Australia ranking as the world's number one state in cyber defence, according to a Harvard University report in September 2022. That same month, about 9.8 million Optus customers learned that hackers had accessed their sensitive data including names, birth dates, and in some cases home addresses and passport numbers. In Queensland alone, the state government had to replace more than 178,000 driver licences. The hackers exploited security flaws including a publicly available application programming interface. The next month, hackers targeted Medibank with a ransomware attack, threatening to release the medical records of 9.7 million people on the dark web. The hackers allegedly swiped an IT staffer's sign-in credentials from his private computer, exploiting Medibank's lack of safeguards such as multi-factor authentication, and its alleged failure to act on alerts and warnings from consultants about system weaknesses. The 2022 breaches exposed the details of not only current but also former customers of both Optus and Medibank. Qantas claimed to have learned from these earlier scandals by deleting old customer data. But last month it suffered an attack via its call centre in the Philippines, which exposed details of 5.7 million current Frequent Flyer customers. More than a million people came to learn these included their addresses, reportedly including a federal MP who criticised Qantas for not being "upfront about the extent of personal details accessed at the start". The airline yesterday said it had found no evidence yet of stolen data being released but was "actively monitoring". It took out an interim injunction in the New South Wales Supreme Court to "prevent the stolen data from being accessed, viewed, released, used, transmitted or published by anyone". Corporate accountability in Australia — and the prospect of people being compensated for harm by sharing in penalties on corporations that fail to protect their sensitive data — can be a long time coming. The federal government watchdog, the Office of the Australian Information Commissioner (OIAC) is still investigating the Optus breach almost three years on. The Australian Communications and Media Authority sued Optus in the Federal Court with the matter still ongoing. The OIAC's pursuit of penalties against Medibank also remains with the Federal Court. And there are several class actions by law firms against Medibank which remain on foot. The 2022 breaches did spur privacy reforms by the federal government in December, including greater powers for the OIAC, which can now hit companies with fines of up to $50 million for serious breaches (up from $2.2 million). With regulator crackdowns and legal battles taking years, some experts say there is another proposed reform to address public distrust of companies holding their personal information. This is the "right to erasure", which would allow people to force companies to explain what personal information they hold, what they do with it, and to delete or de-identify that information. Privacy experts such as University of New South Wales academic Katharine Kemp have argued that companies use a "self-serving" interpretation of current guidelines to collect as much customer information as they can, use it for more and hold it for longer. The right to erasure, which has been in place in Europe since 2018, would help stop damaging data hacks, they say. And it is a right that 90 per cent of Australians support, according a 2023 survey of about 1,600 people by the OIAC. James North, who heads the technology practice at law firm Corrs Chambers Westgarth, says there is "a growing sense in the community that … people want more control over their data". He says people have the right to "have the data about you corrected ... but you don't have an explicit right to say, 'Don't use my personal data'". "So that reform would give individuals more control over their data," Mr North says. "I'm obviously not a privacy advocate, I work for big clients and assist them to comply with laws. "But data minimisation, not collecting data that's not required for identity checks for example, and having these avenues for consumers to understand what information companies have about them and making sure that it's appropriate — and for companies to delete information when it's no longer required — it's much better than having a breach and then a class action. "That's in no-one's interests." Professor Ko says the reform would be "a great move, and a great direction, especially given the fact that individuals can hold companies or organisations to account". "In terms of implementation, if it's just within an organisation, the right to erasure is actually technically possible," he says. "It also gives the organisations an opportunity to look into how to communicate that with customers, like, 'If we collect your data, it's used for this, and when you're no longer a customer with us, we'll be deleting this, and you know you can call us'. The Albanese government agreed "in-principle" to the reform in 2023, subject to exceptions in the public interest, including for law enforcement and national security. A spokesman for Federal Attorney-General Michelle Rowland says the government is "aware of the significant impacts of data breaches on people whose personal information has been compromised, often without their knowledge, and is committed to protecting the privacy of all Australians". He says the government is "continuing work on a further tranche of reforms". But he declined to say when it planned to introduce them - or whether they would include a right to erasure. "The government is taking the time needed to get the balance right between protecting people's personal information and allowing it to be used in ways that benefit individuals, society and the economy," he says. "We know this is a complex policy area and engages a wide range of stakeholders with diverse perspectives and interests."
Yahoo
3 days ago
- Business
- Yahoo
Australia's Qantas obtains court order to prevent third-party access to stolen data
(Reuters) -Australia's Qantas Airways said on Thursday it has obtained an interim injunction in the New South Wales (NSW) Supreme Court to prevent the stolen data from being accessed or published by anyone, including by any third parties. Earlier this month, a cyber hacker broke into a database containing the personal information of millions of Qantas customers, Australia's biggest such breach in years. Similar incidents took place in 2022, with telecommunications giant Optus and health insurer Medibank. There continues to be no evidence that any personal data stolen from Qantas has been released, the company said in the statement. The country's flag carrier said that last week it had contacted the 5.7 million affected customers, outlining the specific fields of their personal data that were compromised. "No credit card details, personal financial information or passport details were stored in the compromised system and therefore have not been accessed," Qantas said. The airline operator said it is working closely with several bodies, such as the Australian Federal Police, the National Cyber Security Coordinator and the Australian Cyber Security Centre, to thoroughly investigate criminal activity surrounding the breach.
Tom's Guide
3 days ago
- Business
- Tom's Guide
Amaysim might be new to selling internet plans, but it's won me over with this neat NBN 100 deal
If being value-minded is your MO when it comes to your mobile plan, then you've probably heard of Amaysim. The telco is a budget-focused offshoot of Optus, and has long been known for offering inexpensive postpaid mobile plans. When it launched its NBN offerings late last year, however, Amaysim skimped on providing value, with its home internet options costing above average for most speed tiers. And if you asked me at the time of their debut, I wouldn't have recommended Amaysim's NBN plans, but the telco has since introduced fresh introductory rates that have me eating my own words. Slicing a modest AU$120 off, Amaysim's NBN 100 plan is discounted to just AU$70p/m for the first 6 months, before the price increases to AU$90p/m. Much like the best NBN 100 plans, Amaysim advertises maximum speeds of 100Mbps during the busy evening hours of 7pm to 11pm, and costs AU$23p/m less than the average for the tier — that's around AU$93p/m right now. The plan also comes with unlimited data and works on a no lock-in contract basis. You'll need to act fast to score this epic Amaysim deal — this AU$20p/m discount will expire on July 20, 2025. Amaysim | AU$70p/m (for 6 months, then AU$90p/m) Don't be fooled by this slightly more expensive introductory outlay — Amaysim's 100Mbps plan is a favourable midrange option, as it's still cheaper than the average of AU$93p/m for the tier. Do note, though, Amaysim only offers NBN services, so you'll need to supply your own modem for this plan. Total minimum cost: AU$70 | Total cost for first year: AU$960 | Yearly cost after discount: AU$1,080 When comparing pricing to competitors, Amaysim's offer costs the same as Mate's 100Mbps plan (AU$60p/m for 6 months, then AU$90p/m) in the long run, once the introductory price ends. However, you could pay as little as AU$80 per month if you bundle an Amaysim mobile plan with your NBN, reducing your ongoing bill by another AU$120. This would bring your ongoing yearly costs to just AU$960 — a.k.a. the cheapest ongoing rate for any NBN 100 plan. Amaysim's postpaid plans start from AU$10p/m for 15GB data. One thing of note is that Amaysim exclusively provides NBN services, so routers are strictly BYO, which isn't great if you're looking for an all-in-one NBN and modem package. But, if you've already got an NBN service (which you most likely do), then there's a very good chance that the modem you already have will work with this Amaysim plan. Alternatively, I do recommend this Amazon eero6+ router for AU$249.99 if you want to invest in something new. And, Amaysim does provide new customers with a satisfaction guarantee, where if you're unhappy with the service within the first 30 days, the telco will refund you for the month. So if you're keen on giving Amaysim NBN a go, there's no time like the present to switch and save. If you've got a real need for speed, you can check out Amaysim's other NBN plans here.
CNA
3 days ago
- Business
- CNA
Australia's Qantas obtains court order to prevent third-party access to stolen data
Australia's Qantas Airways said on Thursday it has obtained an interim injunction in the New South Wales (NSW) Supreme Court to prevent the stolen data from being accessed or published by anyone, including by any third parties. Earlier this month, a cyber hacker broke into a database containing the personal information of millions of Qantas customers, Australia's biggest such breach in years. Similar incidents took place in 2022, with telecommunications giant Optus and health insurer Medibank. There continues to be no evidence that any personal data stolen from Qantas has been released, the company said in the statement. The country's flag carrier said that last week it had contacted the 5.7 million affected customers, outlining the specific fields of their personal data that were compromised. "No credit card details, personal financial information or passport details were stored in the compromised system and therefore have not been accessed," Qantas said. The airline operator said it is working closely with several bodies, such as the Australian Federal Police, the National Cyber Security Coordinator and the Australian Cyber Security Centre, to thoroughly investigate criminal activity surrounding the breach.
Reuters
3 days ago
- Business
- Reuters
Australia's Qantas obtains court order to prevent third-party access to stolen data
July 17 (Reuters) - Australia's Qantas Airways ( opens new tab said on Thursday it has obtained an interim injunction in the New South Wales (NSW) Supreme Court to prevent the stolen data from being accessed or published by anyone, including by any third parties. Earlier this month, a cyber hacker broke into a database containing the personal information of millions of Qantas customers, Australia's biggest such breach in years. Similar incidents took place in 2022, with telecommunications giant Optus and health insurer Medibank ( opens new tab. There continues to be no evidence that any personal data stolen from Qantas has been released, the company said in the statement. The country's flag carrier said that last week it had contacted the 5.7 million affected customers, outlining the specific fields of their personal data that were compromised. "No credit card details, personal financial information or passport details were stored in the compromised system and therefore have not been accessed," Qantas said. The airline operator said it is working closely with several bodies, such as the Australian Federal Police, the National Cyber Security Coordinator and the Australian Cyber Security Centre, to thoroughly investigate criminal activity surrounding the breach.
