Cybersecurity experts say that in Australia, each year, there are thousands of cyber breaches to businesses. These range from smaller businesses to major ones affecting large organisations. The public only hears about some of these hacks. Last month, the Optus hack was major news with its impact on nearly 10 million customers. This month, the Medibank cyberattack tops the list. So far this year, there have been over 50 data breaches, in this country.
A data breach occurs when an unauthorized individual gains access to sensitive data by copying, transmitting, viewing, or stealing it. Hackers exploit this data to commit identity theft, insurance fraud, and other lucrative cybercrimes.
Data breaches can reveal data that includes financial information, numbers related to government organisations such as Centrelink, Medicare and TFN, driver’s license details, other personal data (such as phone numbers, residential and email addresses), intellectual property and trade secrets.
The Optus hack was concerning due to information that was stolen by the hackers: passport, drivers licence, Medicare, credit card, street and email addresses. As if that was not enough in terms of the data stolen, the recent Medibank breach is a step further as the details drill into an even more private area of personal information: medical records.
Cyber Security Minister Clare O’Neil has slammed the “criminals” claiming to be behind the Medibank data breach, labelling the attack a “dog act” on Australians.
The private health insurer on Thursday revealed it had received messages from a group claiming to have accessed the customer data and threatening to sell the information unless a ransom was paid….
“Financial crime is a terrible thing but ultimately a credit card can be replaced, the threat that is being made here to make the private personal health information of Australians available to the public is a dog act,” she said on Thursday afternoon.
Both Optus and Medicare are large companies and should have had the necessary security systems in place to ensure that the data they have can only be accessed by those who have the required permissions. Yet, we learn that these major organisations have vulnerabilities in their IT systems that made it possible for those from the outside to get in and steal the data.
The data thieves know their trade; whether they are planning a big attack or a smaller one. Here is the experience of one person (David*) shared on talkback radio.
David is having some home renovations done and the builder emailed him an invoice for $100,000 with the bank account details. He paid the money into the bank account that he thought was the builder’s. He only later realised that, although at first glance the email address appeared to be the same as the builder’s, there was a minor difference and the bank details were not the same.
He contacted the bank immediately and fortunately for him the bank, having suspected something was not right, had set it aside. Due to the quick follow-up from David, they could stop the payment.
What had happened?
The scammers had intercepted the builder’s email on its way to David. They made the necessary changes to the invoice, email and bank account and sent it to David.
The warning from the caller to the listeners: Beware.
The scammers are one step ahead and can find ways to hack into emails and re-direct them. They can hack into telecoms and large companies, government departments and get access to information. From Webber Insurance Services, here is The Complete List of Data Breaches In Australia (2018 – 2022).
Yet the government is telling us about this splendid Digital Id system that will make our transactions with both government and private sector so much easier.
Digital Identity provides Australian people and businesses with a single, secure way to access government and other services online…. A secure Digital Identity replaces the need for multiple logins to access different services and makes getting things done with government faster and easier. The system will expand over time to include more government agencies as well as private sector organisations.
All your details: Financial, Medical, Employment, Personal Identity, Mortgage, Passport, Centrelink, Tax, Insurance, Shopping Habits and more as one single service.
There are several entities under one umbrella. How can you be sure that a breach in any one entity—that is not even directly or indirectly connected to any of your services but connected to the overall government Digital Identity system—will not result in the exposure of your personal and sensitive information/data?
With rapidly changing technology, higher connectivity, new features, the dark web, third-party vendors, overseas call centres, budget and cost-saving measures by any of the services and different user behaviours, can anyone guarantee that your confidential data is secure?
Really secure? That hackers won’t find a way? What a treasure chest of data to gain the required information for blackmail, ransom, harassment, intimidation, fraud or crime, all easily accessed from one source. The scammers and hackers must be gleefully awaiting the national Digital Id system. They are one step ahead of the latest security devices and upgrades and can find the areas to attack.
I would recommend the following Action Plan for the Digital Id system.
The government can go ahead and launch a two-year trial, experimental version of the Digital Id system. The volunteers can be all the politicians—at every level of government—who are in favour of this system. Add on senior bureaucrats, heads of government departments and agencies, as well. If there are any WEF minions in the corporate sector, they can be enlisted, too.
After the trial period is over—we, the mere plebs—can decide if we deem the system safe enough to sign up. We can decide if we want to get ourselves a Digital Id and then QR code ourselves into hackers paradise.
The federal government plans to pass legislation where companies will face penalties of a minimum 50 million dollars instead of the current cap at 2.2 million dollars, in cases of customer information being hacked. Will there be any penalties imposed directly on the politicians in the event of any data breaches into this national Digital Id system?