Repeat hacks highlight Australia's cyber flaws / Photo: Muhammad FAROOQ - AFP
-
Gotterup tops Matsuyama in playoff to win Phoenix Open
-
New Zealand's Christchurch mosque killer appeals conviction
-
Leonard's 41 leads Clippers over T-Wolves, Knicks cruise
-
Trump says China's Xi to visit US 'toward the end of the year'
-
Real Madrid edge Valencia to stay on Barca's tail, Atletico slump
-
Malinin keeps USA golden in Olympic figure skating team event
-
Lebanon building collapse toll rises to 9: civil defence
-
Real Madrid keep pressure on Barca with tight win at Valencia
-
PSG trounce Marseille to move back top of Ligue 1
-
Hong Kong to sentence media mogul Jimmy Lai in national security trial
-
Lillard will try to match record with third NBA 3-Point title
-
Vonn breaks leg as crashes out in brutal end to Olympic dream
-
Malinin enters the fray as Japan lead USA in Olympics team skating
-
Thailand's Anutin readies for coalition talks after election win
-
Fans arrive for Patriots-Seahawks Super Bowl as politics swirl
-
'Send Help' repeats as N.America box office champ
-
Japan close gap on USA in Winter Olympics team skating event
-
Liverpool improvement not reflected in results, says Slot
-
Japan PM Takaichi basks in election triumph
-
Machado's close ally released in Venezuela
-
Dimarco helps Inter to eight-point lead in Serie A
-
Man City 'needed' to beat Liverpool to keep title race alive: Silva
-
Czech snowboarder Maderova lands shock Olympic parallel giant slalom win
-
Man City fight back to end Anfield hoodoo and reel in Arsenal
-
Diaz treble helps Bayern crush Hoffenheim and go six clear
-
US astronaut to take her 3-year-old's cuddly rabbit into space
-
Israeli president to honour Bondi Beach attack victims on Australia visit
-
Apologetic Turkish center Sengun replaces Shai as NBA All-Star
-
Romania, Argentina leaders invited to Trump 'Board of Peace' meeting
-
Kamindu heroics steer Sri Lanka past Ireland in T20 World Cup
-
Age just a number for veteran Olympic snowboard champion Karl
-
England's Feyi-Waboso out of Scotland Six Nations clash
-
Thailand's pilot PM lands runaway election win
-
Sarr strikes as Palace end winless run at Brighton
-
Olympic star Ledecka says athletes ignored in debate over future of snowboard event
-
Auger-Aliassime retains Montpellier Open crown
-
Lindsey Vonn, skiing's iron lady whose Olympic dream ended in tears
-
Conservative Thai PM claims election victory
-
Kamindu fireworks rescue Sri Lanka to 163-6 against Ireland
-
UK PM's top aide quits in scandal over Mandelson links to Epstein
-
Reed continues Gulf romp with victory in Qatar
-
Conservative Thai PM heading for election victory: projections
-
Heartache for Olympic downhill champion Johnson after Vonn's crash
-
Takaichi on course for landslide win in Japan election
-
Wales coach Tandy will avoid 'knee-jerk' reaction to crushing England loss
-
Sanae Takaichi, Japan's triumphant first woman PM
-
England avoid seismic shock by beating Nepal in last-ball thriller
-
Karl defends Olympic men's parallel giant slalom crown
-
Colour and caution as banned kite-flying festival returns to Pakistan
-
England cling on to beat Nepal in last-ball thriller
NYSE - LSE
Repeat hacks highlight Australia's cyber flaws
Inadequate privacy safeguards and the stockpiling of sensitive customer information have made Australia a lucrative target in the eyes of foreign hackers, cybersecurity experts told AFP following a series of major data breaches.
Medibank, Australia's largest private health insurer, recently confirmed that hackers had accessed the data of 9.7 million current and former customers, including medical records related to drug abuse and pregnancy terminations.
Telecom company Optus fell prey to a data breach of similar scale in late September, during which the personal details of up to 9.8 million people were accessed.
Both incidents sit comfortably among the largest data breaches in Australian history.
Australian National University cybersecurity expert Thomas Haines said many companies had been hoarding personal data that they should not have been hanging on to.
"There was a famous line for a while: Data is the new oil," he told AFP.
"If data is the new oil, then we're living the era of the weekly oil spill."
Haines contrasted Australia's approach with that of the European Union, which in 2018 adopted sweeping privacy reforms limiting how organisations collect, use and store personal data.
"There have got to be incentives in place to stop companies hoarding data they don't need, or to penalise those companies for big leaks. Europe has done this," he said.
"At the moment the business incentives are basically along the lines of: Let's just keep a whole bunch of data."
Haines said Medibank appeared to be an exception, in that most of the sensitive information within its databases had been stored for good reason.
- Hacking 'for profit' -
Australia's comparatively weak safeguards against identity theft meant it was also easier to exploit stolen personal information, Haines said.
"All they need to know is your passport, your driver's licence and some other things -- and then I can start taking out loans in your name."
Haines said European countries such as Norway had much more stringent requirements involving face-to-face contact.
Dennis Desmond, a former FBI agent and US Defense Intelligence Agency officer, said most hackers were searching for particular types of data.
"For-profit hackers are going after healthcare data, they're going after identity data and credentials to access systems," he told AFP.
"There is a profit motivation there, otherwise they wouldn't be risking jail and prosecution."
The Medibank hackers this week started leaking stolen data to a dark web forum, after the company refused to pay a US$9.7 million (Aus$15 million) ransom.
The Optus breach led to the theft of customers' names, birth dates, and passport numbers.
- Russia blamed -
Australian Federal Police Commissioner Reece Kershaw on Friday blamed the Medibank cyberattack on a team of hackers based in Russia.
"We believe those responsible for the breach are in Russia," he told reporters.
"Our intelligence points to a group of loosely affiliated cyber criminals who are likely responsible for past significant breaches in countries across the world."
Medibank data leaked to the dark web so far has included hundreds of potentially-compromising medical records related to drug addiction, alcohol abuse and sexually-transmitted infections.
Home Affairs Minister Clare O'Neil conceded on Friday the country's cyber defences had not always been up to scratch.
University of Sydney data researcher Jane Andrew said one major flaw was that Australian companies were not always obliged to report data breaches.
"There are heaps of data breaches happening all the time that we don't hear anything about," she told AFP.
"Companies have been gathering data because it's seen to be valuable, without fully understanding the potential risks."
H.E.Young--AMWN
