Cyber and Privacy Update 12 Apr 2019
Friday 12 April 2019
Government proposes major changes to privacy law
The Federal Government has proposed radically increased financial penalties and new powers for the Office of the Australian Information Commissioner, in the wake of increased scrutiny of social media platforms and a growing consensus that Australia's privacy legislation has fallen behind global norms.
Click here for article: https://bit.ly/2VFz4qZ
Largest leak in history: email data breach exposes over two billion personal records
A new world record for the size and scope of data breaches has been set by email marketing service Verifications.io, thanks to some unsecured public-facing databases containing what appears to be just about all of their customer information. Passwords were not exposed in the email data breach, but quite a bit of personal information was. Initial reporting indicated that about 763 million records were exposed, but that estimate has since climbed to a little over two billion records as security researchers have found that at least four of the company’s databases were open to anyone who cared to walk in the door.
Click here for article: https://bit.ly/2I8hTLH
APRA provides guidance on complying with new information security measures
On 25 March 2018 APRA released for consultation a draft of Prudential Practice Guide 234 Information Security (‘CPG 234’). The purpose of CPG 234 is to assist APRA-regulated entities in complying with Prudential Standard CPS 234 Information Security (‘CPS 234’), which commences 1 July 2019. The draft offers valuable insight into the degree of information security capability APRA will expect of regulated entities following commencement of CPS 234. Importantly, CPG 234 clarifies that Boards of regulated entities should, in order to more effectively discharge their responsibilities under CPS 234, take a more proactive role in working with management on the information security capability of the entity.
Click here for article: https://bit.ly/2Xep8F5
189 Australian banks, financial services providers attacked by SMS-borne malware
Cisco’s Talos security business has detected what it has described as “a new Android-based campaign targeting Australian financial institutions.” In its explanation of the attack, the firm said it detected an advertisement on an exploit-hawking website offering malware called “Gustuff” that claims it can attack Westpac, NAB, St George Bank, ING Direct, BankWest, Bank SA and other Australian financial institutions. Talos said it found 189 sets of logos for Australian banks and cryptocurrency exchanges in the malware.
Click here for article: https://bit.ly/2Dgc3DI