Posted: 2022-10-22 05:02:07

Potter said EnergyAustralia would be “getting the full scrutiny of the market” because of recent cases where other companies had mishandled communication about data breaches.

On Thursday, Medibank Private admitted that hackers had stolen sensitive health information from 1 million customers, after initially stressing it had no evidence that sensitive information had been accessed.

Earlier this month, Optus fell prey to one of the biggest data breaches in Australian history, involving 9.8 million customers, prompting fury from the Albanese government. The telecommunications company described it as a sophisticated attack, but Home Affairs Minister Clare O’Neil and most cyber-security experts have disputed this.

The wave of cyberattacks on corporate Australia has thrust the issue into the national spotlight, prompting the government to promise urgent reform that could increase fines for privacy breaches.

Potter said companies should learn from international experience, take time for a full investigation before rushing out statements that might turn out to be inaccurate, and use a crisis communications adviser who specialises in cyber-security.

“The pressure when these things go wrong, is just get out and say something,” he said.

“But then [the CEO] gets an incomplete briefing, they [make a statement], and that becomes the truth they have to defend for the next two weeks.”

Cyber-security journalist Jeremy Kirk said delivering bad news was always difficult and though the trend was for customers to want more transparency, “you almost don’t win either way”.

“All companies make a mistake if they don’t practise this stuff,” Kirk said. “Mature companies have a playbook for what they’re going to do if an incident happens.”

An EnergyAustralia spokesperson said the company had not been in contact with the hackers, but picked up suspicious activity in routine monitoring and investigated further. They then discovered a bot, or automated software, guessing passwords and accessing accounts through the portal, which is a relatively common and unsophisticated attack.

The spokesperson said the company shut down the MyAccount portal immediately to stop more accounts being compromised and could see from reviewing the logs exactly how many accounts had been accessed already.

The information available when customers are logged into the portal includes name, address, and electricity or gas usage. The company says no other EnergyAustralia systems were affected.
