Warnings massive Equifax data hack could be replicated in Australia

Credit cards from different private companies held in a hand in Berlin, Germany, 18 August 2017. Source: AAP

EXCLUSIVE: Australian credit organisations, retailers and superannuation clearing houses could be tempting, data-rich targets for hackers, cybersecurity experts have warned.

The warning comes in the wake of a massive hack on the US credit monitoring company Equifax, which exposed sensitive personal information of 143 million Americans.

The lesser-known company is a credit bureau that provides information to lenders when they are deciding whether to approve loans for cars, credit cards and homes.

Cybersecurity experts are warning similar companies in Australia could be vulnerable to cyberattack, and customers are unaware of the risk to their data.

“In Australia, everybody has superannuation and everybody knows about the big funds,” said Itay Glick, founder of the cybersecurity firm Votiro.

“But people are less aware of the clearing houses, which also hold a lot of details about almost everyone who has a superannuation fund,” he told SBS World News.

“Hackers just got really, really clever to find a [company] that holds a lot of data and might not be aware that they are targeted, because they are under the radar.”

Retailers like Woolworths and Coles that now offer credit cards could also be tempting targets for hackers, Mr Glick warned.

Nigel Phair, a leading Australian cybercrime expert and former AFP investigator, said Australia’s big four banks had a mature approach to security and had invested reasonably heavily in protections.

But he said rewards schemes like Flybuys were also “really rich” sources of personal customer data.

“There’s going to be more of this going on,” Mr Phair said.

Mr Phair said the Turnbull government’s laws that will force companies to report data breaches, which will come into effect in February, would help to protect consumers by letting them know immediately when their information had been compromised.

But he said the 28-day reporting window was too long, and “should be more like 72 hours”.

He urged Australian businesses, especially those holding vast volumes of personal data, to invest more heavily in data security.

“Most Australian institutions are underprepared,” Mr Phair said.

“The message is they need to invest in cybersecurity and that investment needs to be relative to the types of data they hold.”

Mr Glick agreed there were solutions available, encouraging companies to invest in encrypted storage.

Mr Phair said companies needed better incentives to delete customer data they were not actively using, rather than holding on to it out of convenience. 

Equifax has warned that hackers may also have some "limited personal information" about British and Canadian residents. The company doesn't believe that consumers from any other countries were affected.
