Repeat hacks highlight Australia's cyber flaws

tech.hindustantimes.com:

Inadequate privacy safeguards and the stockpiling of sensitive customer information have made Australia a lucrative target in the eyes of foreign hackers, cybersecurity experts told AFP following a series of major data breaches.

Medibank, Australia's largest private health insurer, recently confirmed that hackers had accessed the data of 9.7 million current and former customers, including medical records related to drug abuse and pregnancy terminations.

Telecom company Optus fell prey to a data breach of similar scale in late September, during which the personal details of up to 9.8 million people were accessed.

Both incidents sit comfortably among the largest data breaches in Australian history.

Australian National University cybersecurity expert Thomas Haines said many companies had been hoarding personal data that they should not have been hanging on to.

"There was a famous line for a while: Data is the new oil," he told AFP.

"If data is the new oil, then we're living the era of the weekly oil spill."

Haines contrasted Australia's approach with that of the European Union, which in 2018 adopted sweeping privacy reforms limiting how organisations collect, use and store personal data.

"There have got to be incentives in place to stop companies hoarding data they don't need, or to penalise those companies for big leaks. Europe has done this," he said.

"At the moment the business incentives are basically along the lines of: Let's just keep a whole bunch of data."

Haines said Medibank appeared to be an exception, in that most of the sensitive information within its databases had been stored for good reason.

- Hacking 'for profit' -

Australia's comparatively weak safeguards against identity theft meant it was also easier to exploit