A mid-March data breach at Australian financial service provider Latitude was initially estimated as impacting a little over a quarter of a million of its customers. Latitude now says that 14 million records were exposed, including passport numbers.
Australia’s Latitude Financial Services is investigating a data breach that impacted two third-party service providers, exposing hundreds of thousands of customer records.
Among the 116 proposals in the Privacy Act review are calls for safeguards similar to those provided by the EU's GDPR. Small businesses will likely be upset at seeing previously proposed exemptions wiped away, however.
Organizations found to be responsible for a privacy breach now face a maximum penalty of AUD 50 million, 30% of adjusted annual domestic turnover, or three times the value of any benefit obtained through the misuse of the leaked information.
The announcement has raised questions in some circles as to what the extent of the cyber task force's plans are. "Hacking back" is a very contentious concept that exists in a murky international water of cyber engagement norms and unspoken rules.
Medibank has opted to ignore demands for ransom payments for the recent data breach of about 9.7 million health data records. Criminals have published a fraction of the stolen data on the dark web, including those of high-profile politicians.
Privacy act draft proposes a maximum penalty of the greater of $50 million, three times the value of any benefit obtained through the misuse of information stolen in data breaches, or 30% of the company's annual domestic turnover.
Medibank is Australia’s largest health insurance provider with some 3.7 million customers. In some cases, medical records are among the health insurance policies and the thief had named about 1,000 high-profile or at-risk people.
Following Optus hack, the Telstra data breach appears to be limited to the signup process of a third-party rewards system for company staff, but two telcos losing personal information in two weeks has caused serious concern.
The breach of Optus, the second-largest telecoms company in Australia, created a leak of about 10 million records of personal information. The government says that it is time for new privacy rules.