Rising Data Breaches Suggest We’re Losing the Battle

computer showing cybercrime

Identity and money theft through social engineering has intensified this year. Photo: File.

Have you heard of social engineering? In the context of information security, social engineering is defined as the use of deception to manipulate individuals and institutions into disclosing confidential or personal information that can be used for fraudulent purposes.

Phishing attacks against online accounts constitute a form of social engineering in the sense of information security.

The same goes for someone calling a government agency and pretending to be someone else in an attempt to access personal information and steal their money, benefits and identity if the attempt succeeded.

According to a Goalkeeper Australia In a report released this weekend, Services Australia reported 49 data breaches resulting from social engineering as of early July 2024, which is more than 440% more than the nine social engineering breaches reported by the agency for the whole of 2023.

Prior to this, only one social engineering breach was reported each year in 2020, 2021 and 2022.

This is a massive increase in data breaches against the agency responsible for managing benefits and reimbursements for millions of Australians, as well as collecting and storing their identification data and bank accounts.

According to the TutorAccording to the Services Australia report, the rise of social engineering is largely due to people using someone else’s personal information that was stolen in data hacks elsewhere.

“The vast majority are the result of customer information being compromised as a result of previous third-party data breaches occurring in Australia and overseas, as well as small-scale identity theft or phishing scams. large-scale and mail theft,” said Services Australia’s chief executive. Hank Jongen reportedly said.

“The increase in reportable data breaches in recent years across industry and government reflects the growing trend of fraudsters posing as organizations and targeting individuals to steal login credentials and other personal information.

More than 14,000 Australians were informed in the 2023-24 financial year that their data held by the agency had potentially been accessed illegally – again, a significant jump from previous years.

So it’s official, the scammers win.

Government agencies struggle to keep track of the goals of bad actors at home and around the world.

They steal data wherever they can, then use that personal information to steal elsewhere whenever they can.

The rise of Services Australia can almost certainly be attributed to the recent huge data attacks against Medibank and MediSecure.

The MediSecure data breach alone affected approximately 12.9 million Australians.

Australian Privacy Commissioner Carly Kind outlined the seriousness of the problem for government and the private sector.

Latest statistics from the Office of the Australian Information Commissioner (OAIC) ​​show the number of data breaches reported to it in the first half of 2024 was at its highest level in three and a half years.

The OAIC was informed of 527 data breaches between January and June 2024, according to the latest report on notifiable data breaches published in September.

This is the highest number of notifications since July to December 2020 and an increase of 9% compared to the second half of 2023.

Governments and the health sector were the main targets.

Commissioner Kind said the high number of data breaches demonstrates the significant threats to Australians’ privacy.

“Almost every day my office is made aware of data breaches in which Australians are likely to suffer serious harm,” the commissioner said.

“These harms can range from an increase in scams and the risk of identity theft to emotional distress and even physical harm.

“Privacy and security measures are not keeping up with the threats to Australians’ personal information, and addressing this issue must be a priority.”

This is the take-home message: anti-scam measures are not keeping pace with threats and the number of successful scam incidents.

The government seems helpless. It’s difficult, but it’s an uphill battle and, so far, a losing one.

New laws, such as Privacy and Other Laws Amendment Bill 2024means nothing to malicious players.

The same goes for sanctions imposed on companies with failing security systems.

Yes, better security and smarter data encryption should be encouraged and enforced. This all helps.

“We would like to see all Australian organizations required to incorporate the highest levels of security into their operations to protect the personal information of Australians wherever possible,” Commissioner Kind said.

Listen, listen, but hackers operate outside of all rules and regulations.

It’s called social engineering, and it’s quickly becoming one of the biggest uncontrollable threats facing the nation.