AUSTRALIA TO BAN RANSOMWARE PAYMENTS? TOP CYBERSECURITY NEWS FROM THE WEEK OF APRIL 10TH
What’s in the paper for this week’s top cybersecurity news? Data breaches have increased by a staggering 12.7% in Q1 2023, with the number of breached records increasing over threefold compared to the previous financial year. Cyberattacks have dramatically increased across all industries, with ransomware and Critical National Infrastructure (CNI) making the most headlines.
Here is the notable cybersecurity news from the week:
ChatGPT being pushed to meet regulations in Italy
On Wednesday, Italy’s data protection agency, Garante, issued a list of requirements that OpenAI must fulfil by April 30th to address concerns regarding the ChatGPT chatbot and to enable its reinstatement in the country.
Nearly two weeks ago, Microsoft-backed OpenAI removed ChatGPT from the Italian market, following Garante’s temporary ban on its personal data processing and an investigation into potential privacy rule violations.
Garante released a statement on Wednesday detailing a series of “concrete” demands to be satisfied by the end of the month. The agency stated that, upon completion of these requirements, the provisional restrictions on Italian user data would be suspended, allowing ChatGPT to be accessible in Italy once more.
OpenAI expressed appreciation for Garante’s decision on Thursday. A spokesperson told Reuters, “We are happy that the Italian Garante is reconsidering their decision and we look forward to working with them to make ChatGPT available to our customers in Italy again soon.”
Italy was the first Western European nation to impose restrictions on ChatGPT. The rapid advancement of this technology has caught the attention of lawmakers and regulators in multiple countries. Many experts argue that new regulations are necessary to manage artificial intelligence (AI) due to its potential implications for national security, employment, and education.
Hyundai discloses data breach in Italy and France
Hyundai has experienced a data breach affecting car owners in Italy and France, as well as customers who scheduled test drives. The breach resulted in unauthorized access to personal information, including email addresses, physical addresses, phone numbers, and vehicle chassis numbers of the affected individuals.
In a letter sent to those impacted, Hyundai Italy disclosed that an unauthorized third party had gained access to their customer database. The company has alerted the privacy watchdog and enlisted the assistance of external cybersecurity experts to assess the extent of the incident.
The letter also reassured recipients that no financial data had been exposed during the breach. The exact number of affected individuals remains uncertain at this time.
Three Canadian ports hit by a DDoS attack
On Wednesday, a cyber attack targeted the Port of Halifax in Nova Scotia, as well as the ports of Montreal and Quebec in the province of Quebec. Despite the attack, cargo operations continue uninterrupted at all three facilities, although their websites have been temporarily disabled.
CBC News reported that the Port of Halifax’s external websites fell victim to a denial-of-service attack. Port spokesperson Lane Farguson emphasized that their internal systems remain operational and unaffected. He stated, “Traffic continues to move through the Port of Halifax.”
Farguson also confirmed that no internal data had been compromised during the attack. Similarly, the websites of the Port of Montreal and Port of Quebec are currently offline, but both ports maintain that their operations have not been impacted and no data breaches have occurred.
Australian government being pushed to ban ransomware payments
The Australian government is facing calls to ban cyber ransom payments following a significant data breach and subsequent ransom demand at Latitude Financial, a local consumer lender. The breach exposed millions of driver’s license numbers, customer records, passport numbers, and financial statements.
Although the Australian Cyber Security Centre currently advises against paying ransoms, no laws prohibit firms from doing so. In response to the recent attack, Cyber Security Minister Clare O’Neil is considering outlawing ransom payments based on recommendations from a review of Australia’s cybersecurity strategy.
Cyber criminals cheat, lie and steal. Paying them only fuels the ransomware business model.
They commit to undertaking actions in return for payment, but so often re-victimise companies and individuals.
— Clare O'Neil MP (@ClareONeilMP) April 11, 2023
Dozens of Oakland ransomware victims unaware of SSN leak on the dark web
Oakland is grappling with a second data leak that has exposed the sensitive personal information of thousands of residents. The leak affects individuals who filed claims with the city alleging injury, including disabled veterans, social workers, and members of the U.S. Air Force.
The leaked information, which includes social security numbers, driver’s licenses, home addresses, and phone numbers, has been posted on the dark web, leaving many victims feeling vulnerable and in the dark. The incidents prompting these claims range from alleged false arrests to physical injuries resulting from interactions with the city, including claims of careless driving by the Oakland Police Department leading to back and neck injuries.
As residents face the risk of identity theft, the city continues to grapple with this significant breach of personal data.
For more cybersecurity news, insights and analysis, follow Code Red on Twitter and LinkedIn.