Cyber News 2015
December – Cyber News
Australia
The Australia Government has prepared a draft mandatory data breach notification bill ( The Privacy Amendment (Notification of Serious Data Breaches Bill 2015). If this is passed the bill would make it a legal requirement for business in the private sector and Federal Government Agencies to notify the Federal Privacy Commissioner and individuals that have been impacted by a data breach.
There is no time frame for implementation but there does appear to be significant support for this bill from all the political parties.
21st December
President Barack Obama has recently signed into law a new measure to allow the sharing of cyber threat data and other related information to help combat cyber crime. This was initially to be known as the Cybersecurity Information Security Act but will revert now to the Cybersecurity Sharing Information Act. This has been met with a mixed reaction with views pertaining that this will not add anything meaningful to protecting the privacy of individuals to being welcomed that this will increase knowledge and awareness to prevent future cyber threats to the US.
21st December
Cyber security spending this year amounted to $75.4 billion , an increase of 4.70% , it is estimated to increase to $170 billion by 2020.
The main drivers are perceived to be :-
- Government initiatives
- The increasing high profile of data breaches
- Increased legal actions
17th December
The US Senate has introduced a Business Cyber Security Bill which would place the onus on companies to disclose if they have anyone on their board who is a “cyber security expert”. A business who does not have a “cyber security expert” would need to demonstrate what steps it has in place for cyber security.
In the US, Lifelock Inc , who sell identity theft monitoring and fraud detection services have agreed to settle charges of $100M as it failed to protect its customers data. The Federal Trade Commission had accused Lifelock of violating a 2010 court order which required them to take steps to improve their data secirity, amongst various other allegations.
9th December
A survey carried out by Wallix on UK IT professionals has identified that they are slow to respond to cyber liability insurance
• 47% thought that there was ‘insufficient need’ to invest in cyber-insurance
• 35% of UK respondents didn’t know which department would lead the purchasing of this type of insurance
• 41% did not believe that their business would need to change its IT security policy when taking out cyber-insurance
A copy of the full report can be downloaded at www.wallix.com
2nd December
Australia’s Bureau of Meteorology has been subject of a major cyber attack. The Bureau holds information on climate and weather in Australia and the Antarctic held valuable scientific information . It is unknown what costs are involved in order to rectify. At the moment the blame for the breach is being directed at China.This is the second time in two years that China have been accused of a data breach when top secret blueprints of Australia’s new intelligence agency headquarters were stolen.
Target Corporation has agreed to pay $39.40M in settlement with banks over their 2013 data breach. 40M credit card details were compromised and possibly 110M people may had had their personal information stolen.
1st December
Toymaker VTech advised that data on about 6.40M children was exposed to a hacker attack. The main countries where data was accessed were the United States, France and the U.K.
Hackers could access Mattel’s wi-fi enabled Hello Barbie doll a US security researcher claimed. It is conceivable that information stored by the doll could allow possible hackers to further access a home wi-fi network and then obtain access to other internet connection ted devices. This may lead to the compromising of personal information
November – Cyber News
30th November
Sony has agreed to compensate their employees of up to $10,000 per person for identity theft losses to provide coverage for the cost of credit fraud protection. This could cost Sony a settlement figure of up to $80M . This relates to the Guardians of Peace breach in 2014.
16th November
90% of US healthcare providers have been hit by a data breach since 2013 with a cost to this sector of an average $6 billion a year.
11th November
Morrison staff to sue
Morrisons staff are planning to sue the retailer over a data breach in which a rogue former colleague exposed the bank, salary and National Insurance details of almost 100,000 employees online.
This could be one of the UK’s biggest ever claim relating to a breach of data security, it is understood that maybe up to 2,000 Morrisons staff are planning to launch a group claim against the supermarket.
In July 2015, former employee Andrew Skelton was jailed for eight years over the leak, after a trial at Bradford Crown Court.
Then a senior internal auditor at Morrisons’ Bradford head office, Skelton had taken Morrisons’ payroll information and leaked the details of 99,998 employees after being disciplined by the retailer for a prior incident.
9th November
China are being asked to revise the regulations in place and the drafted changes announced by the China Insurance Regulatory Commission (CIRC). The changes detail how insurance holding companies and asset managers should firstly consider the purchase of secure and robust security products, which includes domestic encryption technology. This news is likely to have an impact of the perceived cyber exposures by insurers of this region.
In tandem with this the Chinese government already considers foreign software to be a possible threat to their national security.
5th November
Mock Cyber Attack
The United States and the UK will later this month test how its regulators would respond if their respective financial sectors suffered a major cyber attack.
The test, for which no date has yet been set, will focus on how regulators for the world’s two biggest financial centers in New York and London communicate in an emergency.
It is proposed that they will be set up on the basis of how both the UK and the US react to particular cyber scenario and how they would then coordinate communications with each other, to the relevant sectors.