Australia Invites Cyber Criminals, Says Data Theft Victim Service

SYDNEY, Australia (Reuters) – An Australian government-backed identity theft service has criticized a plan for tougher privacy laws in the wake of an unprecedented surge of online data theft. It said that it would encourage compromised companies to pay a ransom or invite more hacking.

IDCare, an organisation that assists victims of internet crimes, has said that by making it easier to fine companies who have poor data security, and not criminalising ransom payments, Australia could inadvertently be fueling a cybercrime wave.

The message was contained in a submission that was not published, but reviewed by Reuters. It is addressed to the Attorney General who is updating privacy laws for the Internet age, just as the country has experienced a surge in data thefts of large scale, which the government claims have affected almost every family.

IDCare's submission stated that "Australian governments and businesses are increasingly being targeted by ransomware attack because we pay."

IDCare will have a major impact on a review of the privacy laws by the government. This is expected to make it easier for companies to be fined or sued if they fail to protect their customers' data. IDCare has also become one of Canberra’s most trusted referral groups that helps victims of cybercrime.

Canberra increased the maximum penalty for companies who fail to stop data theft from A$2.2million to A$50million ($34million) after the first major incident in October when 10 million customer accounts of No. Singapore Telecommunications' Optus 2 was the victim of a data breach.

The government now considers making it easier for individuals to sue if they believe that their personal information has been stolen.

IDCare stated that by threatening massive fines Australia would force businesses to decide whether they want to pay A$1,000,000, the average cost of a demanded ransom, or notify the authorities, and risk a penalty of up to A$50,000,000.

Australia has declared that it is "open for business" in terms of ransomware.

IDCare reported that Australia ranked fifth in the world for data theft, based on its population and economy.

It said that "without rules to bar or discourage ransom payment, it is unlikely ransomware group targeting our organizations will curtail their activity".

A spokesperson for Attorney General Mark Dreyfus stated that the government had taken swift action to increase penalties in response to large-scale breaches of data and would review 116 proposals as part of a privacy law review before taking further steps.

The Office of the Australian Information Commissioner stated that its approach to seeking penalties or setting up new rules will be "pragmatic and evidence-based".

DEMAND SPIKES

IDCare said that since Australia made it mandatory for companies to disclose data breaches in 2018, the demand for their services has exploded.

In less than a month after the Optus hacking, Medibank Private Ltd, a leading health insurer, revealed that millions of accounts were compromised and potentially sensitive medical data from hundreds of thousands people was stolen.

Last month, Latitude Financial Group Holdings Ltd., a consumer financing provider, reported that hackers had stolen data from 14 million accounts of customers over a period of nearly 20 years.

IDCare is a service that coaches customers on how to close down accounts, notify relevant service providers and prevent losses.

IDCare's chief commercial officer Mark Rowley, told Reuters that in order to reduce the number of calls from people who have been affected by breaches, it now creates "major incidents" websites.

The company also plans to add a support center in Sydney to the existing centres in Brisbane and Perth, as well as in New Zealand. It will also increase its staff from 40 to 60.

Rowley stated that "there's no doubt the ongoing data incidents have continued since October last year, if they haven't escalated. It's therefore really necessary to accelerate plans."

"I don't believe that any of us in Australia planned events of this magnitude for this year."