


How a massive data breach has exposed Australia
Published in The Saudi Gazette on 29 - 09 - 2022

Last week, Australian telecommunications giant Optus revealed about 10 million customers — about 40% of the population — had personal data stolen in what it calls a cyber-attack.
Some experts say it may be the worst data breach in Australia's history.
But this week has seen more dramatic and messy developments — including ransom threats, tense public exchanges and scrutiny over whether this constituted a "hack" at all.
It's also ignited critical questions about how Australia handles data and privacy.
Optus - a subsidiary of Singapore Telecommunications Ltd - went public with the breach about 24 hours after it noticed suspicious activity on its network.
Australia's second biggest telecoms provider said current and former customers' data was stolen - including names, birthdates, home addresses, phone and email contacts, and passport and driving license numbers. It stressed that payment details and account passwords were not compromised.
Those whose passport or licence numbers were taken - roughly 2.8 million people - are at a "quite significant" risk of identity theft and fraud, the government has since said.
Optus said it was investigating the breach and had notified police, financial institutions, and government regulators. The breach appears to have originated overseas, local media reported.
In an emotional apology, Optus chief executive Kelly Bayer Rosmarin called it a "sophisticated attack", saying the company has very strong cybersecurity.
"Obviously, I am angry that there are people out there that want to do this to our customers, and I'm disappointed that we couldn't have prevented it," she said on Friday.
Then a ransom threat was made
Early on Saturday, an internet user published data samples on an online forum and demanded a ransom of $1m (A$1.5m; £938,000) in cryptocurrency from Optus.
The company had a week to pay or the other stolen data would be sold off in batches, the person said.
Investigators are yet to verify the user's claims, but some experts quickly said the sample data - which contained about 100 records - appeared legitimate.
Sydney-based tech reporter Jeremy Kirk contacted the purported hacker and said the person gave him a detailed explanation of how they stole the data.
The user contradicted Optus's claims the breach was "sophisticated", saying they pulled the data from a freely accessible software interface.
"No authenticate needed... All open to internet for any one to use," they said in a message, according to Kirk.
As data circulates, revelations of more stolen details
In another escalation on Tuesday, the person claiming to be the hacker released 10,000 customer records and reiterated the ransom deadline.
But just hours later, the user apologized - saying it had been a "mistake" - and deleted the previously posted data sets.
"Too many eyes. We will not sale [sic] data to anyone," they posted. "Deepest apology to Optus for this. Hope all goes well from this."
That sparked speculation about whether Optus had paid the ransom - which the company denies - or whether the user had been spooked by the police investigation.
Adding to the problem, others on the forum had copied the now-deleted data sets, and continued to distribute them.
It also emerged that some customers' Medicare details - government identification numbers that could provide access to medical records - had been stolen, something Optus did not previously disclose.
Late on Wednesday, the company said this had affected almost 37,000 Medicare cards.
Optus has been inundated with messages from angry customers since last week.
People have been warned to watch out for signs of identity theft and for opportunistic scammers, who are said to be already cashing in on the confusion.
A class-action lawsuit could soon be filed against the company. "This is potentially the most serious privacy breach in Australian history, both in terms of the number of affected people and the nature of the information disclosed," said Ben Zocco from Slater and Gordon Lawyers.
The government has called the breach "unprecedented" and blamed Optus, saying it "effectively left the window open" for sensitive data to be stolen.
In an ABC television interview on Monday, Cyber Security Minister Clare O'Neil was asked: "You certainly don't seem to be buying the line from Optus that this was a sophisticated attack?"
"Well, it wasn't. So no," Ms O'Neil replied. The moment drew lots of attention online.
Ms Bayer Rosmarin told News Corp Australia on Tuesday: "We have multiple layers of protection. So it is not the case of having some sort of completely exposed APIs [software interfaces] sitting out there.
"I think most customers understand that we are not the villains," she said, adding Optus could not say more while the investigation was ongoing.
The company has faced calls to cover the costs of replacement passports and driving licences, as people scramble to protect themselves.
The breach highlights how much Australia lags other parts of the world on privacy and cyber issues, Ms O'Neil says.
"We are probably a decade behind... where we ought to be," she told the ABC.
Both sides of politics have traded blame on the issue. Opposition MPs have said the Labor government is "asleep at the wheel", but the government points out it was only elected in May after a decade of conservative rule.
Ms O'Neil pointed to two areas needing urgent reform.
She argues the government should be able to better penalize companies like Optus. In some countries, the company would have faced hundreds of millions of dollars in penalties but Australia's fine is capped at about $2m, she said.
She also wants to expand cyber-security laws that were introduced last year to include telecommunications companies.
"At the time, the telecommunications sector said: 'Don't worry about us - we're really good at cybersecurity. We'll do it without being regulated.' I would say that this incident really calls that assertion into question."
Security experts have also suggested reforming data retention laws so telecommunication companies don't have to keep sensitive information for so long. Ex-customers should also have the right to request companies delete their data, experts say.
Optus says it is required to keep identity data for six years under the current rules.
Other industry figures have argued consumers should be able to take companies that lose control of their information to court, instead of the industry regulator. — BBC

