It's been a year. Here's a timeline of cyber security events, as they've unfolded over the past 12 months:
Feb 2022: Russian-Ukraine War invasion brought a wave of cybersecurity concerns worldwide. A year on the German minister warns of “massive danger from Russian hackers”
June 2022: An increase in the number and sophistication of Australian cyber threats was noted for the 21/22 Financial Year with the Australian Cyber Security Centre’s Annual Cyber Threat Report showing an 13% increase of cybercrime reports, compared to the previous year (more than 76,000 in total).
Sept 2022: 10 million Optus customers felt the burn of “the biggest hack in Australian history” with the Australian Government calling out the telecommunications giant for having “left the window open”
Oct 2022: A month later, it was turn for 480,000 Medibank customers to feel exposed, with the second cyber attack in so many months (bonus round for those who were also Optus customers). An estimated 2.2 million MyDeal (Woolworths subsidiary) customers were hit by a data breach
Nov 2022: Data shows a 33.3% increase in “data breaches that reportedly impacted larger numbers of Australians’ between Jan-June 2022, compared to the previous six months. The Australian Government’s “Notifiable data breaches report January to June 2022” identified that 24 data breaches had reported to affect 5,000 or more Australians, compared with 18 breaches in July to December 2021.
Dec 2022: In the most anti-climatic ending that everyone saw coming, after weeks of full transparency with their stakeholders, Medibank advised that the hackers had probably released the full trove of customer records online.
The Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 increased the maximum penalties for serious privacy breaches to (the greater of): $50 million; three times the value of any benefit obtained through the misuse of information; or 30 per cent of an entity’s adjusted turnover in the relevant period.
Feb 2023: The Privacy Act Review Report, was released, containing 116 proposals to strengthen and modernise the act (feedback open to the public until March 31.)
Prime Minister Anthony Albanese appointed a National Coordinator for Cyber Security, announced at the Cyber Security Roundtable, as part of the under progress 2023 - 2030 Australian Cyber Security Strategy.
1 March 2023: Notifiable data breaches report: showed a sharp rise in Australia's major cyberattacks and privacy breaches during the July-Dec 2022 period, with the total number of reported incidents ⬆ 26% (compared to previous six months).
16 March 2023: Latitude Financial went public with 330,000 customers having their information stolen - the majority drivers licences and phone numbers - with the warning that the number might grow.
20 March 2023: Latitude Financial added findings that the number of customers affected was likely to grow, with about 5% having passports and medicare information impacted.
Read these articles, for more cyber security insights:
➡ We read the 2023 - 2030 Australian Cyber Security Strategy, so you don't have to.
➡ It's every Australian businesses' responsibility to protect our data. So, why hasn't this happened?
➡ Let's take a look at best practice.
Questions about cyber security, data governance, data quality or data strategy? Feel free to reach out to Lisa to chat.
Lisa has 30 years' industry experience in Business Intelligence, Data Governance, CyberSecurity and Master Data Consultant, together with MBA, CPA and GAICD qualifications and specialist skills in developing Business Intelligence solutions - including data warehouse project management, master data and business process optimisation.
