Repeat hacks highlight Australia's cyber flaws / Photo: Muhammad FAROOQ - AFP
-
Sabalenka, Sinner keep 'Sunshine Double' in sight with Miami Open wins
-
AI used to make 'fetishised' images of disabled women
-
Oil drops as Trump pauses Iran strikes, but stock traders nervous
-
Parents sacrificed all for 15-year-old India prodigy Suryavanshi
-
Sabalenka subdues Rybakina to reach Miami Open final
-
Newcomers could threaten Christiania's hippie soul, locals fear
-
Hornets sting Knicks to maintain playoff push
-
German 'green village' rides out Mideast energy storm
-
US in the spotlight at WTO meet
-
Cyclone triggers outages at major Australian LNG plants
-
US judge suspends govt sanctions on AI company Anthropic
-
US currency to bear Trump's signature, Treasury says
-
Bolivia beat Suriname 2-1 to advance in World Cup playoffs
-
Ukraine destroys Russian terror-oil exports
-
Mets hammer Pirates on historic day of MLB openers
-
Italy stay in World Cup hunt as Wales, Ireland suffer penalty heartbreak
-
Italy need to climb "Everest" in World Cup play-of final: Gattuso
-
Czechs fight back to beat Ireland in World Cup play-off
-
Wales' World Cup dream ended by Bosnia and Herzegovina
-
Mbappe on target as France shrug off red card to beat Brazil
-
Italy beat Northern Ireland to keep World Cup hopes alive
-
Mexico blames oil slick on illegal dumping
-
Gyokeres treble sends Sweden past Ukraine in World Cup play-offs
-
OpenAI shelves plans for erotic chatbot
-
Klopp hails Salah as one of Liverpool's 'all-time greats'
-
Sinner and Gauff advance with ease at Miami Open
-
Trump pushes back Iran strikes deadline
-
South Africa disinvited from G7 in France
-
Oil climbs, stocks slide as Iran war uncertainty reigns
-
Alexander-Arnold must accept 'unfair' England snub, says Tuchel
-
Ko fires 60 to grab early lead at LPGA Ford Championship
-
Arctic sea ice at lowest level ever this winter
-
Oscars to leave Hollywood in 2029: Academy
-
Trump denies he's desperate for Iran deal, Israel short on troops
-
Lagos secures flood insurance for 4 million at-risk Nigerians
-
In crime-hit Peru, candidates vie to be 'meanest sheriff'
-
Kadioglu fires Turkey past Romania, to brink of World Cup
-
Sinner rips Tiafoe to reach Miami Open semis
-
US lays it on the line as WTO mulls future of global trading
-
Joy, scepticism across west Africa after UN vote on slave trade
-
Salah would be 'asset' says San Diego FC owner
-
Parmesan exports doing grate... but sales melt in Italy
-
US cannot meet Iran war-induced LNG shortfall: industry leaders
-
Trump denies being 'desperate' for Iran deal
-
US envoy to UK warns against cancelling king's visit
-
IOC's new gender testing throws up multiple questions
-
Malinin back to his best as third world skating title beckons
-
Cuban children's heart hospital makes tough choices amid US blockade
-
Oil climbs, stocks slide on uncertainty over US-Iran talks
-
Nepal's PM-to-be delivers first post-election message in rap, urges unity
Repeat hacks highlight Australia's cyber flaws
Inadequate privacy safeguards and the stockpiling of sensitive customer information have made Australia a lucrative target in the eyes of foreign hackers, cybersecurity experts told AFP following a series of major data breaches.
Medibank, Australia's largest private health insurer, recently confirmed that hackers had accessed the data of 9.7 million current and former customers, including medical records related to drug abuse and pregnancy terminations.
Telecom company Optus fell prey to a data breach of similar scale in late September, during which the personal details of up to 9.8 million people were accessed.
Both incidents sit comfortably among the largest data breaches in Australian history.
Australian National University cybersecurity expert Thomas Haines said many companies had been hoarding personal data that they should not have been hanging on to.
"There was a famous line for a while: Data is the new oil," he told AFP.
"If data is the new oil, then we're living the era of the weekly oil spill."
Haines contrasted Australia's approach with that of the European Union, which in 2018 adopted sweeping privacy reforms limiting how organisations collect, use and store personal data.
"There have got to be incentives in place to stop companies hoarding data they don't need, or to penalise those companies for big leaks. Europe has done this," he said.
"At the moment the business incentives are basically along the lines of: Let's just keep a whole bunch of data."
Haines said Medibank appeared to be an exception, in that most of the sensitive information within its databases had been stored for good reason.
- Hacking 'for profit' -
Australia's comparatively weak safeguards against identity theft meant it was also easier to exploit stolen personal information, Haines said.
"All they need to know is your passport, your driver's licence and some other things -- and then I can start taking out loans in your name."
Haines said European countries such as Norway had much more stringent requirements involving face-to-face contact.
Dennis Desmond, a former FBI agent and US Defense Intelligence Agency officer, said most hackers were searching for particular types of data.
"For-profit hackers are going after healthcare data, they're going after identity data and credentials to access systems," he told AFP.
"There is a profit motivation there, otherwise they wouldn't be risking jail and prosecution."
The Medibank hackers this week started leaking stolen data to a dark web forum, after the company refused to pay a US$9.7 million (Aus$15 million) ransom.
The Optus breach led to the theft of customers' names, birth dates, and passport numbers.
- Russia blamed -
Australian Federal Police Commissioner Reece Kershaw on Friday blamed the Medibank cyberattack on a team of hackers based in Russia.
"We believe those responsible for the breach are in Russia," he told reporters.
"Our intelligence points to a group of loosely affiliated cyber criminals who are likely responsible for past significant breaches in countries across the world."
Medibank data leaked to the dark web so far has included hundreds of potentially-compromising medical records related to drug addiction, alcohol abuse and sexually-transmitted infections.
Home Affairs Minister Clare O'Neil conceded on Friday the country's cyber defences had not always been up to scratch.
University of Sydney data researcher Jane Andrew said one major flaw was that Australian companies were not always obliged to report data breaches.
"There are heaps of data breaches happening all the time that we don't hear anything about," she told AFP.
"Companies have been gathering data because it's seen to be valuable, without fully understanding the potential risks."
H.E.Young--AMWN
