In the weeks following the successful completion of Privacy Awareness Week across the Australian market and Privacy Week across the Aotearoa New Zealand market, it feels like the battle to protect our personal data and promote best practices in privacy data governance has leveled up as we see more major hacks announced.
In Australia, consumers wishing to buy tickets to attend most major sporting events, concerts and major attractions are forced to transact through one of the major promoters and ticket providers, Ticketmaster — owned by Live Nation — or Ticketek — owned by TEG. It now appears that both these organizations have been subject to ransomware hacks in recent weeks and personally identifiable information has been compromised and published on the dark web.
Australia's National Cyber Security Coordinator, Lieutenant General Michelle McGuinness, told The ABC that Ticketek advised her of the incident, and the Australian Signals Directorate and Australian Federal Police were also aware of the incident.
According to initial information, Home Affairs Minister Clare O'Neil said the breach potentially affected many Australians, adding recent breaches highlight the need for companies to alert affected customers quickly and extend support.
"I'd ask Australians to be especially vigilant and on the lookout for scams during a time like this … including phishing emails," she said. "Be on the lookout for suspicious emails and contact cyber.gov.au for support and to report incidents."
While these incidents were being reported and play out, online e-prescription services provider MediSecure reported a May data breach that originated through a third-party vendor via a post to its website. The breach reportedly impacted personal information and prescription-related data.
The Office of the Australian Information Commissioner is already incredibly busy, working to investigate several major breaches over recent years and these new incidents will only add to that workload. They will also raise the level or awareness and importance among the public and government officials of the need for a well-resourced and fully operational privacy regulator.
Speaking before the Legal and Constitutional Affairs Legislation Committee, acting Australian Information Commissioner Elizabeth Tydd said, "Turning to privacy, we continue in our efforts to shift to a more proactive and enforcement-focused regulatory posture, and we have made significant progress against the 4 major investigations we have on foot. We have initiated 7 investigations this financial year."
As we move toward the anticipated August tabling of the next tranche of the Privacy Act reform bills in Australian Parliament, the important work of privacy professionals to uplift their organizations and build on customer trust and safety seems more important than ever.
On a personal note, I'm looking forward to joining many of my APAC colleagues at the IAPP Asia Privacy Forum in Singapore 17-18 July. I hope to meet many of you and build new friendships and connections across the region while there.
Adam Ford is IAPP managing director, Australia and New Zealand.