Monthly Archives: March 2015

Data Loss, Data Protection, Personal Information

World Leader’s PI leaked

The personal details of all 31 leaders at the recent G20 summit in Australia have been accidentally leaked by the Australian immigration department. Despite being notified of the high-profile breach four months ago, it neglected to inform anyone.

The details included passport numbers, visa details and other particulars of each leader at the summit.

Tony Abbott and Vladimir Putin cuddle koalas before the start of the first G20 meeting in November 2014. Photograph: Andrew Taylor/G20 Australia/Getty Images

In a letter obtained under Freedom of Information requests, it’s been revealed that a staffer at the G20 leaders summit staged in Australia last November mistakenly mailed a list of the leaders’ personal details to an official at the Asian Football Cup Local Organising Committee.

Although the information hasn’t been publicly exposed and is unlikely to be of use for nefarious purposes, not many people are likely to pretend to be Vladimir Putin or David Cameron. The damage is reputational and is certainly embarrassing for the Australian government. Ironically it had just recently passed controversial mandatory metadata retention laws.

Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015

International Business Times article on the new Australian Bill and obligations of ISPs

The Guardian’s article on the new Australian Bill

 

 

 

Data Loss, Data Protection, Hacked

2014 – The Year of 1 Billion Data Record Losses

Gemalto the digital security services company and Safenet have released a report titled “2014 – Year of Mega Breaches & Identity Theft”

2014 Data Breaches Gemalto Infographic

The headline numbers make for sober reading. The number of data records loss jumped 78%, from about 575 million in 2013 to more than one billion in 2014.

In terms of time, in 2014 some 2,803,036 data records were lost every day, 116,793 every hour, 1,947 every minute and 32 every second. So figure in about the time it took to read the previous sentence, about 400 data records would have been stolen or lost based on the 2014 data breach statistics.

Despite the widespread availability of commercially and indeed open source encryption solutions as a means for protecting  information and privacy, only 58 of the data breach incidents in 2014, or less than 4% of the total, involved data that was encrypted in part or in full.

In short, companies and organisations are still not taking protection of data seriously. It’s likely to take the commensurate loss of revenue or regulatory fines, up to and including gaol time for things to start improving.

One catalyst for this may well be the EU General Data Protection Regulations, but there’s a lot of lobbying and compromises between the proposals and actual legislation. It may still revert back to being an EU Directive. Meanwhile our Personal Information is being  shared, sold and aggregated ad infinitum, that’s before it’s leaked and stolen !

Gemalto’s 2014 Data Breach Report