Government plans to ban companies from making ransom payments for data breaches


Home Secretary Clare O’Neil has confirmed the government is considering whether new laws are needed to stop ransom payments following the Medibank and Optus data breaches.

While Ms O’Neil said that while short-term successes were needed in cybersecurity reform following the massive hacks, other long-term outcomes were being considered, including a ban on ransom payments.

This follows the government’s launch of a high-tech law enforcement operation targeting the network of hackers behind the Medibank attack, which stole customers’ medical histories and private information.

“The way we look at the task of reform…is a bunch of quick wins, things we can do quickly, and defending the new police operation is one of them,” Ms O’Neil told the ABC. . Initiates on Sunday.

“There are very big political issues that we will need to think about and consult on, and we will do this in the context of the cybersecurity strategy.

“We will review (making ransom payments illegal).”

Ms O’Neil said Medibank was right not to pay the ransom demanded by the hackers, with those responsible for the breach threatening to release more data if the amount was not paid.

Federal police confirmed on Friday that Russian criminals were behind the attack on Australia’s largest private health insurer.

A permanent 100-officer cybercrime operation targeting hackers will be led by the Australian Federal Police and the Australian Signals Directorate.

“This is Australia standing up and fighting back,” Ms O’Neil said.

“We are not going to sit around while our citizens are treated in this way and allow there to be no consequences for it.

“We will offensively find these people, hunt them down and weaken them before they can attack our country.”

The minister said the response to cyberattacks needed to be improved, due to their number.

She said institutions like the NAB received 50 million attacks per month, while the tax office was subjected to three million per month.

“I don’t think anyone can promise that cyberattacks are going to go away and one of the things people need to understand is how relentless it is,” she said.

“We have to adapt our whole approach and our whole thinking to this new type of crime.”

Nearly 500,000 health claims were stolen along with personal information, as part of the Medibank breach.

The insurer has created a one-stop-shop for mental health and other support services that affected customers can access through its website.

Ms O’Neil said companies need to ensure better data security.

“What this is for us is a national vulnerability and what we need to ensure is that companies only hold the data for when it is actually needed and the data is otherwise disposed of,” a- she declared.


Comments are closed.