Australia may inadvertently fuel cyber crime, says data theft victim
service
Send a link to a friend
 [April 07, 2023]
By Byron Kaye
SYDNEY (Reuters) - An Australian government-backed service for victims
of identity theft blasted a plan to toughen privacy laws amid an
explosion of online data theft, saying it would spur compromised
companies to pay ransom and invite more hacking.
IDCare, a non-profit that helps internet crime victims, said by making
it easier for regulators to fine companies for poor data security and
failing to criminalise ransom payment, Australia may inadvertently fuel
a cyber-crimewave.
The message came in an unpublished submission, reviewed by Reuters, to
the attorney general who is working to update privacy law for the
internet age just as the country experiences a spike in large-scale data
thefts that the government says has touched almost every family.
"A significant reason why Australian governments and businesses are
increasingly targeted by ransomware attacks ... is because we pay,"
IDCare said in the submission.
IDCare's views will count heavily in a government review of privacy laws
expected to make it easier to fine or sue companies that fail to protect
customer data, as it has become one of Canberra's go-to referral groups
to help victims of cyber crime.
Canberra raised the maximum fine to A$50 million ($34 million) from
A$2.2 million for companies that fail to stop data theft after the first
major attack in October, when some 10 million customer accounts at No. 2
telco Optus, owned by Singapore Telecommunications, had information
taken.
The government is now considering making it easier to apply that fine
and simpler for individuals to sue for theft of personal information.
IDCare said by raising the threat of massive fines, Australia would
force companies to choose whether to pay A$1 million, the typical cost
of a ransom demand, or notify the authorities and risk a fine of up to
A$50 million.
"In terms of ransomware attacks, Australia is open for business," it
said.
IDCare noted that Australia was the country fifth-most targeted by data
thieves in January 2023, far worse than other countries relative to its
economy and population.
Without rules that bar or discourage ransom payments, it said "it is
unlikely ransomware groups targeting our organisations will curtail
their activities".
[to top of second column]
|
A delegate uses his laptop during a
break in sessions at a venue in Sydney, Australia, March 17, 2016.
REUTERS/David Gray/File Photo
A spokesperson for Attorney-General Mark Dreyfus said the government
had acted swiftly to increase penalties following large-scale data
breaches and would consider 116 proposals in a review of privacy law
before deciding further steps.
The Office of the Australian Information Commissioner said its
approach in seeking penalties or setting new rules would be
"pragmatic, evidence-based and proportionate".
DEMAND SPIKE
Since Australia made it compulsory for companies to report data
breaches in 2018, IDCare's submission said community demand for its
services had rocketed.
Within a month of the Optus hack, top health insurer Medibank
Private Ltd revealed millions of its accounts had been compromised,
with potentially sensitive medical information stolen from hundreds
of thousands of people.
Then last month, a consumer finance provider, Latitude Financial
Group Holdings Ltd, said hackers stole data from some 14 million
customer accounts over nearly 20 years.
In each case, authorities directed affected customers to IDCare,
which coaches victims on shutting down exposed accounts, notifying
relevant service providers, and preventing losses.
To stem a surge in calls, IDCare now sets up "major incident"
websites for people affected by breaches, its chief commercial
officer Mark Rowley told Reuters.
It also plans to open a new support centre in Sydney by mid-2023,
adding to centres in Brisbane, Perth and New Zealand, and increase
staff to 60 from 40.
"There's no question that since last October the spate of ongoing
data incidents has continued, if not escalated, so it's really
required an acceleration of plans," Rowley said.
"I don't think this year any of us planned for events of that
magnitude in Australia."
($1 = 1.4806 Australian dollars)
(Reporting by Byron Kaye; Editing by Praveen Menon and Sonali Paul)
[© 2023 Thomson Reuters. All rights
reserved.]This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
