Hackers may see Australia as weak target after Optus, Medibank data breaches, insider says

After a series of recent data breaches, international computer hacking syndicates are targeting more Australian targets, say cybersecurity experts.

Companies including Optus and Medibank recently revealed that: millions Customer records leaked.

Ben Walker, who has worked in cybersecurity for six years in the private health insurance industry, says hackers will now “see Australia as a soft target.”

“I think [hackers] It will be emboldened by this…they will probably come looking for another organization,” he said.

“They would be interested … the fact that two large Australian companies were both affected in a short period of time.”

Medibank has not yet detailed the cause of the breach, but fears it has left the insurers themselves vulnerable.

“I think the truth is… [the company] Either they would have left the door unlocked, or they would have left the door open, or they would have left the window unlocked, or they would have left the window open,” Walker said.

Medibank Chief Executive Officer David Koczkar has issued a frank apology to those affected and promised to keep customers and the public updated on the investigation.

Walker said he was surprised when the company announced it was on strike.

“Medibank is actually very sophisticated and very mature. [its] Cyber ​​defense,” Walker said.

“Without Medibank, we would certainly be one of the other big private health insurers,” he said, adding that hospitals and general surgery could be future victims. .

“My advice to all organizations in Australia is ‘keep an eye out’.

“I think hacking will become more prevalent and millions of records will be exposed.”

There have been a series of cyberattacks in recent weeks. Ransomware Attack on Private IT Provider to Department of Defensewas revealed on Monday.

many unreported breaches

Jane Andrew, a data breach researcher at the University of Sydney, said smaller organizations affected by cyberattacks are likely to be “silent” to avoid scrutiny.

Australia’s Data Breach Notification Act requires only companies with an annual turnover of $3 million or more to notify the Privacy Commissioner of exposed customer data.

Professor Andrew added that current law only requires companies to disclose to the commissioner and not to the public.

“Organization [such as] Optus is telling us not because we have to do so under the law, but because we know they will be subject to scrutiny,” she said.

Attorney General Mark Dreyfuss last week A bill to amend the Personal Information Protection Law was submittedraises fines for large-scale data breaches to a minimum of $50 million.

The current maximum penalty for serious or repeated privacy violations is approximately $2 million.

Professor Andrew said the increased fines were beneficial but “not sufficient” and said all companies should be forced to disclose their infringements.

Medibank declined to respond to written questions from ABC regarding this article, citing advice from the Australian Federal Police.

In a statement, an Optus spokesperson said:

“Optus apologizes to customers who have been victims of this attack.

“We are aware of the concerns this has caused and have worked with governments to minimize the impact on those affected and will continue to do so.

“We are taking various measures to protect our customers, such as replacing documents with public numbers.”

look at the abc 7.30Monday through Thursday at 7:30 p.m. on ABC iview and ABC TV