Australia Inadvertently Invites Cyber Crimewave and Data Theft Victim Service Warns

The Australian government supported service to victims of identity theft has condemned a proposal to strengthen privacy laws. This was in response to the explosion of online data theft. They claimed it would cause compromised companies and encourage more hacking.

IDCare, an organization helping victims of online crime, stated that Australia might inadvertently increase cyber-crime by making it more difficult for regulators and allowing them to fine businesses for data security breaches.

The unpublished message, which was reviewed by Reuters to the attorney General, came as part of an effort to revise privacy law in the age of the internet. This comes at a time when the country is experiencing a rise in large-scale data thieves that, according to government, has affected nearly every family member.

“A significant reason why Australian governments and businesses are increasingly targeted by ransomware attacks … is because we pay,” IDCare said in the submission.

IDCare’s views will count heavily in a government review of privacy laws expected to make it easier to fine or sue companies that fail to protect customer data, as it has become one of Canberra’s go-to referral groups to help victims of cyber crime.

Canberra has increased the maximum fine from A$2.2million to A$50million ($34,000,000) for businesses that failed to stop data theft. This was after the Oct 1st major cyberattack, in which 10 million customers accounts were compromised. Singapore Telecommunications owned 2 Optus telcos.

It is being considered by the government that it may be easier to raise this penalty and for individuals to sue each other for theft.

IDCare claimed that Australia could threaten companies with massive fines by making them choose to either pay A$1 Million, which would be the cost of a ransom request, or to notify authorities and face a maximum of A$50M in fines.

“In terms of ransomware attacks, Australia is open for business,” it said.

IDCare found that Australia was 5th most likely to be targeted by data thefts in January 2023. It is much worse than the other countries, both economically and relative to its population.

Without rules that bar or discourage ransom payments, it said “it is unlikely ransomware groups targeting our organizations will curtail their activities.”

According to a spokesperson for Attorney General Mark Dreyfus, the government responded quickly in increasing penalties in response to large-scale data breaches. The review would include 116 recommendations and then determine further actions.

The Office of the Australian Information Commissioner said its approach in seeking penalties or setting new rules would be “pragmatic, evidence-based and proportionate.”

Demand spike

Since Australia made it compulsory for companies to report data breaches in 2018, IDCare’s submission said community demand for its services had rocketed.

Medibank Private Ltd., the top-rated health insurance company, revealed that millions of accounts were compromised within a month after Optus’ hack. This included potentially sensitive information from hundreds of thousands.

Latitude Group Holdings Ltd., a provider of consumer finance, reported that hackers had stolen data from 14 million accounts in the past 20 years.

Each case involved authorities directing affected customers towards IDCare. IDCare coaches victims in closing exposed accounts, notifying the relevant service providers and stopping losses.

To stem a surge in calls, IDCare now sets up “major incident” websites for people affected by breaches, its chief commercial officer Mark Rowley told Reuters.

Also, it plans to open an additional support centre in Sydney, Australia, by mid-2023. It will also add centers in Brisbane, Perth, New Zealand and New Zealand. The plan is to increase the number of employees to 60, from 40.

“There’s no question that since last October the spate of ongoing data incidents has continued, if not escalated, so it’s really required an acceleration of plans,” Rowley said.

“I don’t think this year any of us planned for events of that magnitude in Australia.”

($1 = 1.4806 Australian dollars)

(Reporting by Byron Kaye. Editing by Praveen Menon, Sonali Paul.

The following topics are available
Cyber
Fraud
Australia