Latest news with #OAIC
Techday NZ
5 days ago
- Business
- Techday NZ
Data management - it's a high-stakes game
In today's digital-first economy, data can be both a powerful asset and a significant liability. Companies that proactively manage their data can achieve multiple positive business outcomes such as making optimal use of their storage infrastructure while simultaneously servicing next-generation workloads such as GenAI. Those that fail to act run the risk of spiralling costs in addition to large exposure in the case of a data breach which, in and of itself, could lead to insolvency pursuant to penalties, lawsuits, and reputational damage. Ensuring data is organised, accessible, and protected is critical to a company's survival. Failing to do so jeopardises business operations and could lead to severe regulatory and legal repercussions. Consequences of poor data management The recent MediSecure breach in 2024 is a stark warning. With 12.9 million Australians affected, the fallout was swift and devastating. Within months, the company was forced into voluntary administration. Cyber breaches are not an isolated event - the Office of the Australian Information Commissioner (OAIC) reported 527 data breach notifications from January to June 2024 alone, with cybersecurity incidents leading to data exfiltration reported in 38 percent of those cases. As a result, financial organisations in particular, (including banks, superannuation funds, and insurance companies), are facing growing scrutiny in relation to their cyber risk management standards and practices which extend to any third parties managing information assets on behalf of the institution. The Australian Prudential Regulation Authority (APRA) has introduced stricter cybersecurity standards, and failure to comply comes with severe penalties, including potential jail time for executives. Under these new standards rules, breaches must be reported within 72 hours, and in some cases, within 24 hours if critical operations are affected. Companies that fall short risk financial penalties and irreparable reputational damage. Real-world fallout: A crime scene in your office Many businesses fail to realise that a serious data breach can result in their operations being treated as a crime scene wherein law enforcement and regulatory authorities may step in, securing the business much like they would a physical crime site. Designation of the site as a crime scene can mean locked-down servers, restricted access to critical systems, and an operational freeze that can bring even the largest enterprises to a grinding halt. Without a structured and well-managed data framework, recovering from such an event can be nearly impossible. The vulnerability of unstructured data One of the biggest risks enterprises face is the proliferation of unstructured data, which is ingested via emails, documents, social media posts, videos, and other business files. Unstructured data can account for between 80 and 90 percent of a company's data holdings, and often sits on servers with no obvious business related purpose. For example, a CEO might send an email with an attached financial report to all 300 staff in an organisation, 50 percent of whom save the attached report for future reference. That same file stored by the recipients is now duplicated 150 times. This can happen with hundreds of files, images and documents which can lead to silos of data, with little or no organisation, and can lead to a data management emergency. APRA's upcoming CPS230 standard, effective 1 July 2025, mandates that financial institutions must not only protect and manage their data but also have the capability to operate from a clean, separate system post-attack. The CPS230 requirement aligns with the existing CPS234 framework, which calls for clear security accountability at every level of an organisation extending to third parties who might be managing data assets. However, meeting these stringent standards will be an uphill battle without proper data management practices. The Path Forward: Management, Secure, and Optimise Organisations must implement a robust data management strategy to have clear insights on their data, safeguard against cyber threats, and ensure compliance with evolving regulations. Advanced data management platforms can provide critical support by: Assessing and categorising unstructured data to identify and protect high-value assets. to identify and protect high-value assets. Eliminating redundant, obsolete, or trivial data to streamline operations and reduce attack surfaces. to streamline operations and reduce attack surfaces. Enhancing data visibility to improve governance and facilitate rapid response in case of a breach. By proactively organising and securing their data, businesses can ensure that critical information is readily available when needed, reducing downtime and enabling faster recovery from downtime caused by cyber-attacks or human errors. In an era where AI and LLMs thrive on curated and relevant data, proper management also positions companies to leverage emerging technologies effectively. Such advanced technologies simply won't function optimally if the data they are fed is sub-standard – so, again, proactive data management is essential. Don't wait until it's too late The risks associated with poor data management are no longer hypothetical. As regulations tighten and cyber threats grow more sophisticated, organisations must take immediate action to secure their data and prepare for the future. Data management is not just a best practice - it's a business imperative. Those who fail to act may find themselves not just facing financial losses, but quite literally locked out of their own operations. In a world where your data could determine your survival, can you afford not to take control?
Daily Mail
18-07-2025
- Politics
- Daily Mail
Aussies urged to monitor their bank accounts after Clive Palmer hack
Australians have been urged to monitor their bank accounts for suspicious activity after cybercriminals targeted companies belonging to billionaire Clive Palmer. Palmer's two multi-million dollar political ventures, the United Australia Party (UAP) and Trumpet of Patriots (TOP), fell victim to a ransomware breach on June 23. The hack is believed to have exposed vast amounts of personal data, including bank details, identity documents and confidential correspondence. Details have only just been made public after the parties admitted they could not determine the full extent of the damage or identify all those affected. In a statement to supporters, TOP revealed that 'unauthorized access' was detected on their servers and that 'years' worth of sensitive documents have been stolen. 'We do not know comprehensively what information of yours was on the server but you should assume that any information you have provided would have been stored on the server,' the statement read. TOP said it did not keep a record of whose details were on the server, saying it was 'impracticable' to attempt to notify those affected individually. The parties confirmed that all emails to and from their systems, along with their attachments and internal documents, may have been accessed or downloaded. In the wake of the attack, the parties say they have secured their systems and restored data using backup tapes. The incident has been reported to the Office of the Australian Information Commissioner (OAIC) and the Australian Signals Directorate. Australians who have ever contacted or supported the UAP or Trumpet of Patriots are being urged to take precautionary steps, including changing passwords, enabling multi-factor authentication, and monitoring bank accounts for suspicious activity. Both the UAP and TOP have long courted controversy for its bizarre policy stances, anti-lockdown campaigns and populist rhetoric. During election campaigns, the party became notorious for bombarding millions of Australians with mass text messages, a tactic that skirts anti-spam laws by exploiting exemptions for electoral communication . It is not known if the database of text messages owned by TOP or UAP was compromised in the hack last month. Ironically, the party has urged those impacted to remain on guard from messages sent by political parties. 'Please remain alert especially with email, text messages or phone calls, particularly where the sender or call purports to be from the Political Parties,' it said. The Trumpet of Patriots failed to win a single seat in the House of Representatives in the 2025 election, despite sending $60 million on ads. In 2022, the then United Australia Party won just one seat in the Senate, after splashing a whopping $120 million on campaign efforts. In 2021, the party claimed it had more than 80,000 members. Daily Mail Australia has contacted the Trumpet of Patriots for comment.
News.com.au
18-07-2025
- Business
- News.com.au
Class action alleges Qantas ‘failed' to protect personal information in wake of major data breach
Qantas failed to protect passengers' personal information, according to a law firm seeking potential compensation from the airline after a major data breach. Maurice Blackburn Lawyers have lodged a complaint with the Office of the Australian Information Commissioner (OAIC), alleging the airline 'failed to take reasonable steps to protect personal information' and therefore interfered with privacy under the privacy act. The details of nearly six million Qantas customers were potentially compromised in the data breach of one of the airline's call centres on June 30, including addresses, phone numbers, meal preferences, and Frequent Flyer details. Qantas has confirmed there is no evidence of any personal data being released, nor credit card or passport details or personal financial information accessed. 'Register with us' Maurice Blackburn principal lawyer Elizabeth O'Shea confirmed an official complaint had been lodged against the airline, encouraging those affected in the breach to register with the firm to receive updates about potential compensation. 'While we await a response and potential action from the OAIC in relation to Qantas failing to adequately protect the personal information of its customers, we would encourage Qantas customers who were impacted by the breach to register with us to receive updates about the representative complaint and compensation which may be sought on your behalf,' Ms O'Shea said in a statement. 'It is early days in what we are learning about the mass data breach, but if you're one of the millions of people that have had your personal information compromised, you're eligible to register with us and we will keep you informed as the matter progresses.' A Qantas spokeswoman said the company remained focused on supporting customers. 'Qantas understands that a complaint has been lodged by Maurice Blackburn on behalf of some affected customers in relation to our recent cyber incident,' the spokeswoman said. 'Our focus continues to be on supporting our customers and providing ongoing access to specialist identity protection advice and resources.' Qantas have moved to prevent the stolen data from being accessed, viewed, released, used, transmitted or published by anyone, including third parties, following the granting of an interim injunction in the NSW Supreme Court. The airline also filed a statement of claim against anyone who carried out, participated or assisted in stealing of the data, communicated payment demands to Qantas, or posted some or all of the stolen data online. The defendant, and any third parties, were prevented by the court from publishing the stolen data online, transmitting or disclosing it to any other person, using and viewing any of the data except for the purpose of gaining legal advice, and promoting or publishing any links where the data may be downloaded without the written consent of Qantas. They were also ordered to take all reasonable steps to remove the data from the internet, including any 'dark web' locations.
Daily Mail
18-07-2025
- Politics
- Daily Mail
Aussies urged to monitor their bank accounts for 'suspicious activity' after Clive Palmer hacked by cybercriminals
Australians have been urged to monitor their bank accounts for suspicious activity after cybercriminals targeted companies belonging to billionaire Clive Palmer. Palmer's two multi-million dollar political ventures, the United Australia Party (UAP) and Trumpet of Patriots (TOP), fell victim to a ransomware breach on June 23. The hack is believed to have exposed vast amounts of personal data, including bank details, identity documents and confidential correspondence. Details have only just been made public after the parties admitted they could not determine the full extent of the damage or identify all those affected. In a statement to supporters, TOP revealed that 'unauthorised access' was detected on their servers and that 'years' worth of sensitive documents have been stolen. 'We do not know comprehensively what information of yours was on the server but you should assume that any information you have provided would have been stored on the server,' the statement read. TOP said it did not keep a record of whose details were on the server, saying it was 'impracticable' to attempt to notify those affected individually. The parties confirmed that all emails to and from their systems, along with their attachments and internal documents, may have been accessed or downloaded. In the wake of the attack, the parties say they have secured their systems and restored data using backup tapes. The incident has been reported to the Office of the Australian Information Commissioner (OAIC) and the Australian Signals Directorate. Australians who have ever contacted or supported the UAP or Trumpet of Patriots are being urged to take precautionary steps, including changing passwords, enabling multi-factor authentication, and monitoring bank accounts for suspicious activity. Both the UAP and TOP have long courted controversy for its bizarre policy stances, anti-lockdown campaigns and populist rhetoric. During election campaigns, the party became notorious for bombarding millions of Australians with mass text messages, a tactic that skirts anti-spam laws by exploiting exemptions for electoral communication. It is not known if the database of text messages owned by TOP or UAP was compromised in the hack last month. Ironically, the party has urged those impacted to remain on guard from messages sent by political parties. 'Please remain alert especially with email, text messages or phone calls, particularly where the sender or call purports to be from the Political Parties,' it said. The Trumpet of Patriots failed to win a single seat in the House of Representatives in the 2025 election, despite sending $60million on ads. In 2022, the then United Australia Party won just one seat in the Senate, after splashing a whopping $120million on campaign efforts. In 2021, the party claimed it had more than 80,000 members.
Yahoo
17-07-2025
- Business
- Yahoo
Compensation sought for millions of Qantas customers hit in major cyber data breach
A fresh bid has been launched to seek compensation on behalf of the millions of Qantas customers whose data was exposed in a major data breach. Nearly six million customers had their personal information compromised by the breach on June 30. Maurice Blackburn has lodged a complaint with the Office of the Australian Commissioner (OAIC) on behalf of impacted individuals. It alleges that Qantas failed to take reasonable steps to protect personal information. The Qantas hack occurred in Manila at one of the airline's call centres, with a cyber criminal gaining access to a third party customer servicing platform. The data of 5.7 million customers was on that system. RELATED Major Qantas update after 6 million customer details stolen in cyber attack Coles and Costco grocery price comparison 'shocks' Aussie mum Aussie tradie loses $110,000 house deposit due to small detail Maurice Blackburn principal lawyer Elizabeth O'Shea said the official complaint was lodged late yesterday with the OAIC, the authority charged with taking action over breaches of the Privacy Act. 'While we await a response and potential action from the OAIC in relation to Qantas failing to adequately protect the personal information of its customers, we would encourage Qantas customers who were impacted by the breach to register with us to receive updates about the representative complaint and compensation which may be sought on your behalf,' she said. 'It is early days in what we are learning about the mass data breach, but if you're one of the millions of people that have had your personal information compromised, you're eligible to register with us and we will keep you informed as the matter progresses.' O'Shea noted that registration was free and non-binding. Qantas gets court order to prevent release of hacked data It comes as Qantas obtained an interim injunction in the NSW Supreme Court to try and stop the publication of the stolen data. 'We want to do all we can to protect our customers' personal information and believe this was an important next course of action,' Qantas said in a statement. There is no evidence that any personal data stolen from Qantas has been released, but Qantas said it was actively monitoring the situation with the support of cyber security experts. The injunction means that in the event cyber criminals do post details on the dark web, others won't be able to repost or publish the details. Qantas previously revealed that of the 5.7 million customers impacted by the breach, 4 million customers had their name, email and frequent flyer details impacted. Of the remaining 1.7 million, about 1.3 million had residential and business addresses, 1.1 million had date of birth, 900,000 had phone numbers, 400,000 their gender, and 10,000 their meal preferences impacted. No credit card details, personal financial information or passport details were stored in the system. Customers have been advised to remain vigilant to scams and report them to in retrieving data Sign in to access your portfolio Error in retrieving data
