Paradise lost: a decade of data breaches

By Darren Pauli, Computerworld Australia
April 18, 2010 08:22 PM ET

Computerworld Australia - Do you think the moat around Australia extends around your business and hackers won’t target you? It doesn’t, and research says data breaches will be the elephant-in-the-conference-room at your next IT meet.

Australia has to date been sheltered from much of the painful data breach disclosure laws sweeping the world, and organisations here appear to have avoided the high-profile hacks that have plagued others over the last decade. But are we as lucky as it would appear?

No. For starters, the seas that girt Australia offer illusionary security, according to Gartner. Research vice-president Rich Mogull said Australian organisations are being hacked and losing data. “It’s just hidden,” Mogull said. Moreover, he said, we are in a worse position than others because of our close proximity to Asian countries where data breaches are rife.

A recent investigation into 16 organisations by privacy and data protection research firm, the Ponemon Institute, revealed that the average cost of a data breach incident in Australia is $2 million, or $123 per lost record. It equates to more than 16,000 lost records per breach. The most expensive single local breach topped $4 million, the cheapest went for $410,000, with 3300 to 65,000 records pinched or lost each time. Hacking was behind almost half of the attacks.

In March, it emerged that the account details of 42,000 St George Bank customers were sent to the wrong clients thanks to a glitch by outsourcer Salmat. The incident followed embarrassing admissions by Medicare to The Australian newspaper of 234 serious data privacy breaches by employees in 2007. Meanwhile, Federal Finance Minister Lindsay Tanner is preparing to review mandatory data breach disclosure laws as recommended by the Australian Law Reform Commission (ALRC) in its Privacy Act Review. The controversial changes are expected to be put on ice at least until the federal election has passed.

In the US, two-thirds of companies which suffered a major breach in 2009 had evidence of the intrusion in their logs, but failed to notice, according to a Verizon business risk team report of 500 forensic data breach investigations.

Only 564 convictions were secured for 800 arrests of consumer identity theft in 2007, from a total of 8835 criminal cases opened that year. Gartner puts “a conservative estimate” of the chance of an identity theft criminal being arrested and convicted at “much less than a half of 1 per cent”. Time for a career change? You wouldn’t; you’re the good guy.

Computerworld presents a list of some of the worst data breaches over the last decade.

January 2000: CD Universe breached by hackers. The company refuses to pay a $100,000 ransom for stolen credit card numbers, and news of the breach is leaked. Number of cards stolen: 350,000.

November 2000: Travelocity screws up Web-facing access controls and publicly exposes customer details. Number of records exposed: 51,000

March 2001: Amazon-owned service website, Bibliofind.com, is breached. Number of customer records compromised: 98,000
