As the government develops online safety guidelines, digital rights groups says any approach requiring the use of ID is ‘invasive and risky’

• Get our morning and afternoon news emails, free app or daily news podcast

In the wake of the Optus and Medibank data breaches, digital rights groups are urging the federal government to rule out requiring identification documents as part of any online age-verification system, warning it could create a honeypot of people’s personal information and pornography-viewing habits.

The eSafety commissioner, Julie Inman Grant, is developing an online safety “roadmap”, outlining a way to prevent minors from accessing adult content online by ensuring host sites have verified the ages of users.

Sign up for our free morning and afternoon email newsletters from Guardian Australia for your daily news roundup

Continue reading…

from Data and computer security | The Guardian https://ift.tt/uhksWrM
via IFTTT

Techniques which allow the sharing of data whilst keeping it secure may revolutionise fields from healthcare to law enforcement

Rachel is a student at a US university who was sexually assaulted on campus. She decided against reporting it (fewer than 10% of survivors do). What she did, however, was register the assault on a website that is using novel ideas from cryptography to help catch serial sexual predators.

The organisation Callisto lets a survivor enter their name in a database, together with identifying details of their assailant, such as social media handle or phone number. These details are encrypted, meaning that the identities of the survivor and the perpetrator are anonymous. If you hacked into the database, there is no way to identify either party.

Continue reading…

from Data and computer security | The Guardian https://ift.tt/jvqUNrK
via IFTTT

Experts suggest using multifactor authentication and telling your bank to put extra security checks in place

• Follow our Australia news live blog for the latest updates
• Get our morning and afternoon news emails, free app or daily news podcast

Millions of Medibank’s current and former customers have had their personal information, including health claims, exposed in a hack of the company’s customer database.

Here’s what we know so far, and what you can do.

Name

Address

Date of birth

Gender

Email address

Medicare card number (in some cases)

Health claims made with Medibank

Financial support for customers who “are in a uniquely vulnerable position” as a result of the hack, who will be supported on an individual basis.

Access to Medibank’s health and wellbeing support line.

Specialist ID protection services from IDCARE.

Identity monitoring services for customers who have had their primary ID compromised.

Reimbursement of fees for reissue of ID documents that were “fully compromised” in the hack.

Continue reading…

from Data and computer security | The Guardian https://ift.tt/oda3Kb7
via IFTTT

Watchdog says phishing email enabled hackers to steal personal information of 113,000 employees

Britain’s data watchdog has fined the construction group Interserve £4.4m after a cyber-attack that enabled hackers to steal the personal and financial information of up to 113,000 employees.

The attack occurred when Interserve ran an outsourcing business and was designated a “strategic supplier to the government with clients including the Ministry of Defence”. Bank account details, national insurance numbers, ethnic origin, sexual orientation and religion were among the personal information compromised.

Continue reading…

from Data and computer security | The Guardian https://ift.tt/RW6A78u
via IFTTT

In wake of Optus and Medicare leaks, serious or repeated breaches of customer information will attract heavy penalties under new legislation

• Get our morning and afternoon news emails, free app or daily news podcast

Companies that fail to adequately protect people’s data could face fines of $50m or more under new legislation to be introduced next week.

After Optus and Medibank reported significant breaches of customer data, including sensitive health information, the Albanese government was now moving to increase penalties for serious or repeated breaches of customer data.

Sign up for our free morning newsletter and afternoon email to get your daily news roundup

Continue reading…

from Data and computer security | The Guardian https://ift.tt/l8OPMRm
via IFTTT

Electricity company says attack accessed information on 323 customers but ‘no evidence’ data was transferred elsewhere

• Get our morning and afternoon news emails, free app or daily news podcast

EnergyAustralia has become the latest company to be targeted by a cyber-attack, with hundreds of customers’ details exposed.

In a statement released late on Friday, the electricity company said 323 residential and small business customers were affected by unauthorised access to their online platform, My Account.

Sign up for our free morning newsletter and afternoon email to get your daily news roundup

Continue reading…

from Data and computer security | The Guardian https://ift.tt/e8zJSoA
via IFTTT

Experts warn using any single system could have its own cybersecurity weaknesses leaving data vulnerable to misuse

• Follow our Australia news live blog for the latest updates
• ​​Get our free news app, morning email briefing and daily news podcast

The Australian government is considering using myGov or its myGovID system to centralise digital identity authentication in the wake of the Optus data breach, but critics warn any single system could have its own cybersecurity weaknesses.

The former Telstra chief executive David Thodey was recruited to audit myGov when the Albanese government came into power, and his review would now examine whether myGov could be used to prevent people needing to present ID documents multiple times, a spokesperson for the government services minister, Bill Shorten, said.

Sign up to receive an email with the top stories from Guardian Australia every morning

Continue reading…

from Data and computer security | The Guardian https://ift.tt/6seljAz
via IFTTT

Does a breach need to happen before we see regulatory change?

Thanks to Optus, millions of people are now acutely aware of what can happen when companies don’t take privacy and security seriously. But telcos aren’t alone in collecting and storing too much of our personal information. The real estate industry is often overlooked in conversations about data security, but it is one of the most invasive, with potentially devastating consequences for renters across the country.

If you’ve ever been a renter, this is probably a familiar story: you’re searching for somewhere to live, rents are high, competition is stiff, and in the process of applying you’re asked for immense amounts of information. In addition to identification documents (which we are all now very protective of), they probably ask for a background check, bank statements, and years’ worth of employment and rental history. You might feel uncomfortable about how much they ask for, but hey, what can you do? If you say no, someone else will say yes and get the house instead.

Continue reading…

from Data and computer security | The Guardian https://ift.tt/zIrlwqs
via IFTTT

Identification repair service receives a month’s worth of complaint calls in three days as government pressures telco to pay for replacement ID documents

• Follow our Australia news live blog for the latest updates
• Get our free news app, morning email briefing or daily news podcast

Former Virgin Mobile and Gomo customers are the latest to have been informed by Optus that their personal information was exposed in the company’s massive data breach, as an identification repair service reveals it has fielded a month’s worth of complaint calls in three days.

It has been a week since Optus first revealed up to 10 million of its customers had personal information – including names, addresses, emails and dates of birth – exposed, with 2.8 million having passport, licence or Medicare numbers also made visible.

Continue reading…

from Data and computer security | The Guardian https://ift.tt/3Pg9Gzf
via IFTTT

Mark Dreyfus indicates potential reforms to laws regarding data breaches including higher penalties, mandatory precautions and customer notifications

• Follow our Australia news live blog for the latest updates
• Get our free news app, morning email briefing or daily news podcast

Privacy law changes, including tougher penalties for data breaches, could be legislated as early as this year, the attorney general has said in the wake of the Optus breach.

Mark Dreyfus revealed on Thursday that in addition to completing a review of Australia’s privacy laws the Albanese government will look to legislate “even more urgent reforms” late this year or in early 2023.

Continue reading…

from Data and computer security | The Guardian https://ift.tt/oYuQ8zd
via IFTTT