Travel insurer hacked: Implications under the Privacy Act 1988 (Cth)
Anyone paying attention will have observed that data breaches have become increasingly common place in Australia. In January 2015, news reports emerged of the recent cyber attack on Aussie Travel Cover (ATC). The ATC cyber attack led to 770,000 personal data entries being compromised.
In this article, Andrew Moore and Jack Geng examine the impact of the ATC mass data breach and consider the general implications of the cyber attack under the Privacy Act 1988 (Cth), including:
- the risk of regulatory investigations;
- the defence of ‘reasonable steps’; and
- the risk of civil penalties and the financial costs associated with mass data breaches.
This publication is intended to provide commentary and general information. It should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this publication. Persons listed may not be admitted in all states and territories.