Australia Hacks Affecting 16 Million Send Wakeup Call to Complacent Companies - Bloomberg 28/10/2022, 12:20 pm

Great Australian Hack Sends Wakeup Call to Complacent Companies

Fifth breach pushes total people hit by hacks to 16 million
Australia may need to pay more bounties to ethical hackers

By Angus Whitley and Keira Wright
28 October 2022, 9:25 am AWST

The fifth cyberattack disclosed in Australia in just one month is triggering
calls for an injection of investment in security and US-style bounties to be
paid to hackers who find holes in corporate defenses.

The cumulative total of individuals compromised by the hacks has now
passed 16 million, equal to almost two-thirds of Australia’s population. In the
latest hit, Australian Clinical Labs Ltd. on Thursday said data on almost
250,000 patients and staff were accessed in February, including some health
records and credit card details. It took the Melbourne-based company eight
months to figure out what had happened.

https://www.bloomberg.com/news/articles/2022-10-28/great-australian-hack-sends-wakeup-call-to-complacent-companies Page 1 of 5

The scale and sensitive nature of the hackers’ total haul -- everything from
emails and birth dates to passport and driver’s license numbers -- is a wakeup
call for Australian companies that have shown themselves ill-equipped to
handle major attacks.

Reported cyberattacks are climbing worldwide: Over 11.43 billion customer
records at several hundred entities have been exposed over the course of
more than a decade, according to data gathered by Bloomberg News. Since
January 2020, at least 92 corporate, government and nonprofit organizations
have suffered major cyberattacks exposing 1 million records or more.

More Australian businesses should be following the lead of companies
including Tesla Inc. and TikTok Inc., which have set up pathways for hackers
to find weaknesses and get paid for their work, said Troy Hunt, who runs
breach-tracking website haveibeenpwned.

“Even if you don’t go all the way to a bounty program, you’ve got to make it
easy to be reported,” Hunt said. “So long as the discovery and the reporting
is done in an ethical fashion.”

A vulnerability disclosure statement, for example, can be a web page telling
hackers how to get in touch. Tesla pays between $100 and $15,000 for each
weakness found, according to the Bugcrowd page on the carmaker’s website.
TikTok has paid $585,000 to more than 250 so-called ethical hackers in the
past two years, according to HackerOne, which runs the social media
platform’s bug bounty program. Details of the program are on TikTok’s
website.

Australia’s latest troubles started in late September when mobile-phone
operator Optus disclosed a vast leak of data on past and present customers.
Optus, a unit of Singapore Telecommunications Ltd., scrambled to clarify
what had been taken. A ransom demand followed, and lawyers for some
affected customers are seeking damages.

More than 2 million Optus users had identity document numbers
compromised, in what Home Affairs and Cyber Security Minister Clare O’Neil
said was “quite a basic hack.”

In another near-total breach, Australian health insurer Medibank Private Ltd.
this week said all its 4 million customers lost some kind of data this month.
Significant amounts of health claims data were accessed, it said.

Data Robbery
Australian hacks disclosed in the past month

Company     Individuals Impacted    Industry
Optus       9.8 million             Mobile telecommunications
Medibank    3.96 million            Health insurance
MyDeal      2.2 million             Online shopping
ACL         223,000                 Medical pathology
Dialog      1,020                   Technology consulting

Source: Company announcements via Bloomberg
Note: Optus and Dialog are owned by Singapore Telecommunications. MyDeal is owned by Woolworths.

At the very least, Australian firms must grasp that cybersecurity requires full-
time resources at every level of the business, said Ajay Unni, chief executive
officer and founder of cybersecurity consultancy StickmanCyber. Too many
companies think it’s something to be reviewed once or twice a year, he said.

“I still see companies that think they can’t be attacked,” he said. “Taking
action after the fact can cost them a lot more.”

Medibank’s data breach could cost the company more than A$200 million
($129 million), according to Bloomberg Intelligence analysts Matt Ingram and
Jack Baxter. The health insurer has already delayed premium increases for
affected customers and could face compensation of A$500 to A$20,000 for
affected policyholders. The stock has plunged almost 20% this week, wiping
about A$1.8 billion off the firm’s market value. 

Reported instances of ransomware cybercrime increased 15% over the 2020-21
financial year, according to the Australian Cyber Security Centre’s last
Annual Cyber Threat Report. Australia’s government says the country’s
cyberdefences are years behind the criminals. It’s introducing new legislation
that increases oversight of stored data and raises fines for leaks.

Read more: Australia to Introduce Tougher Penalties for Data Breaches

Criminals may not necessarily be mounting more attacks in Australia, but
they’re moving from the dark web to traditional social media to embarrass
their targets and force them to pay ransoms, said Robert Potter, co-founder
and co-CEO of Australian-US cybersecurity company Internet 2.0.

“Hackers are starting to talk a lot more openly about their targets as part of
their blackmail campaigns,” Potter said. “Previously this used to be much
more hidden.”

While there’s nothing to suggest any country is behind the latest attacks on
Australia, the lapses still raise national security concerns, said Jill Slay, a
professor and cybersecurity researcher at the University of South Australia. If
hackers can breach companies, they can use the same methods to hit
essential services including gas, water and electricity infrastructure, she said.

“You’ve got to be on guard,” she said. “Australians are too laid back.”

This story was produced with the assistance of Bloomberg Automation.
