In the past few months, several household names have made headlines in Australia for data breaches affecting millions of customers. These include Optus, Medibank, and MyDeal (an online retailer owned by Woolworths).
The Optus data breach in September affected 9.8 million customers, including former customers dating back to 2017. This sophisticated cyber-attack saw identification details and documents compromised, including driver’s license or passport numbers and Medicare ID numbers for a subset of customers. Affected customers have been advised to replace these documents to proactively prevent identity theft.
In October, 9.7 million current and former Medibank customers had their data breached in a cyber-attack, which saw a significant amount of health claims data, including diagnoses and procedures, compromised.
MyDeal, an online shopping site, was recently purchased by Woolworths in September. The company’s data breach saw the personal information of 2.2 million customers compromised. For some customers this included their name, email, phone number, delivery address and date of birth.
What is a data breach?
A data breach occurs when sensitive information is accessed or shared by an unauthorised person. This can happen internally when an employee shares sensitive information accidentally or on purpose for financial gain. It can also be the result of an external threat, such as a hacker accessing a corporate database.
Despite the focus on larger companies in the news, data breaches are a concern for businesses of all sizes. They have severe and ongoing effects including reputational damage and financial losses, with 39% of these losses occurring more than a year later.
In the Office of the Australian Information Commissioner’s (OAIC) latest Notifiable Data Breaches Report for July-December 2021, health service providers and finance were the top industry sectors reporting data breaches, with 55% of data breaches resulting from malicious or criminal attacks.
Impact on individuals
When customer or client information is compromised by a data breach, those customers or clients are at risk of identity theft. In fact, 80% of data breaches target personally identifiable information, which often includes financial information. Cyber criminals use this information to commit fraud in customers’ names, and benefit further from this data when they use it to launch individual phishing attacks.
Actions affected customers or clients can take to strengthen their security online include the following:
- Updating software
- Changing passwords (including email and online banking passwords) and implementing multi-factor authentication (MFA)
- Changing banking PIN numbers and monitoring account statements
How to respond to a data breach
Under the Notifiable Data Breaches scheme, it is mandatory for organisations covered by the Privacy Act 1988 to notify affected customers or clients when a data breach that is likely to result in serious harm occurs. This includes organisations with an annual turnover of more than $3 million. This doesn’t typically include small businesses, but there are some exceptions. Businesses covered by the Privacy Act 1988 can find resources from the OAIC to plan for and respond to data breaches.
Whether your business has obligations under the Privacy Act 1988 or not, it’s essential to protect your customer relationships by strengthening your lines of defence against cyber threats.
Can data breaches be prevented?
Data breaches cause long-term reputational and financial damage, but there are proactive steps you can take to prevent them. At Ever Nimble we offer solutions to help strengthen your business’s cyber security and protect your customers’ data, including Cyber Awareness Training (CAT) to reduce human risk, and our SOC (Security Operations Centre) service to monitor and remediate cyber threats.
90% of cyber-attacks are successful due to human error, so it’s critical to keep your staff’s knowledge of cyber security best practices up to date. Our CAT platform provides an easy-to-follow program that trains, tests, and measures your staff’s cyber awareness knowledge, and gives them the skills to recognise and avoid cyber threats.
Our SOC (Security Operations Centre) and MDR (Managed Detection Response) service offers a comprehensive cyber security monitoring system that hunts for threats, malicious activity, and data breaches. In the event of a serious breach or compromise, our team is alerted so they can act quickly to remediate the situation.
Interested in learning more about how these services can help you prevent data breaches? Contact us at +61 8 6381 6900 or get in touch with us at firstname.lastname@example.org.