Optus has struck back at ACMA’s claim that a cyberattack that exposed the information of around 10 million customers was not a “highly sophisticated” operation.
Australian Clinical Labs, which is facing regulatory action over a 2022 data breach, is fighting the information commissioner’s claim that it breached privacy laws 21.5 million times.
Medibank has denied breaching privacy rules in response to the regulator’s case over a 2022 cyber attack, but has admitted sensitive data was hacked in part because its network lacked multi-factor authentication.
The privacy regulator was alerted to hundreds of data breaches in the first half of 2024, the highest number in three and a half years, a new report shows.
A promised overhaul of the Privacy Act has begun with reforms that make doxxing a crime and could see businesses face new claims, including class actions, for serious invasions of privacy.
The OAIC will not investigate Clearview AI further after finding in 2021 that the US-based facial recognition software company breached privacy rules by scraping facial images from the web, but the regulator promised to weigh in soon on when the use of personal information to train AI could run afoul of privacy laws.
Law firm HWL Ebsworth is facing a representative complaint filed with the Office of the Australian Information Commissioner over a 2023 cyber attack, which allegedly compromised the data of 65 government agencies and affected NDIS participants.
Medibank failed to put in place baseline security measures, including multi-factor authentication, to safeguard sensitive information from a hacker in 2022, who stole an IT contractor’s credentials and logged in to the health insurer’s private network three months before the company learned its data was compromised, the OAIC says.
A judge overseeing several cases against Optus over a September 2022 data breach has raised the possibility of hearing a class action against the telco alongside new proceedings brought by the Australian Communications and Media Authority.
A judge has thrown out a self-represented customer’s lawsuit against non-bank lender Latitude Financial after he defaulted on court orders and refused to join tech giants DXC Technology and Crowdstrike to his case over a cyberattack that compromised 14 million customer records.