Privacy, what privacy?
Is my financial and identity information safe online? The simple answer must be no, based on the latest official data on privacy breaches.
Can Australians have confidence in the finance, health and insurance companies they give their bank account and ID documents to? The answer must also be no.
Our personal, financial and identity information is being stolen, kidnapped, held for ransom, lost in old email files and we may not even be adequately informed about it.
These are the big takeaways from the latest data breach report by the Office of the Australian Information Commissioner. More than 500 companies and other entities lost millions of customer details in the first six months of the year and some did not adequately inform their customers.
Health finance and insurance companies are the three big targets for these criminals.
The Commissioner is particularly concerned about a surge in ransomware attacks. Email ‘phishing’ continues to be the leading source of malicious attacks but ransomware is the growing, frightening, new trend of criminals taking over systems and holding our data for ransom.
They demand money in exchange for an decryption key to allow companies back into their own customer databases.
However many Australian computer systems and administrators don’t seem up to the task of securing our data.
In the face of these serious new threats, some of the big companies that hold our financial details in their systems are are not even deleting old emails that contain our sensitive information.
The OIAC has told companies to delete old emails “from both the inbox and sent box.”
This instruction will not give consumers confidence about handing over their information. If basic email security is a problem how can our companies resist sophisticated criminal activity?
A spike in human error data breaches occurred in May and the OAIC warned companies to keep data safe during COVID-19.
About 120 businesses did NOT detect that their systems had been breached in less than 30 days. 47 companies took between two months and one year, while 14 Australian entities did not know for more than 12 months.
Some organisations also failed to adequately provide advice to the people affected.
Contact information (like name, email and phone number) remains the most common type of personal information stolen according to the Commissioner.
But one third of data breaches involved the theft or loss of ID information like passport and drivers license numbers while just under one third involved the loss of personal financial information like bank accounts.
46 per cent of breaches involved the loss of up to ten people’s information. 64 per cent involved up to 100 people. Three breaches involved more than one million people.
More on this at CashWelcome.org.