Anyone paying attention will have observed that data breaches have become increasingly common place in Australia. In January 2015, news reports emerged of the recent cyber attack on Aussie Travel Cover (ATC). The ATC cyber attack led to 770,000 personal data entries being compromised.
In this article, Andrew Moore and Jack Geng examine the impact of the ATC mass data breach and consider the general implications of the cyber attack under the Privacy Act 1988 (Cth), including:
- the risk of regulatory investigations;
- the defence of ‘reasonable steps’; and
- the risk of civil penalties and the financial costs associated with mass data breaches.