1 00:00:00,040 --> 00:00:01,920 Speaker 1: There is a concern I think right around the nation, 2 00:00:02,120 --> 00:00:06,840 Speaker 1: but particularly if you are a Medibank customer. So a 3 00:00:06,960 --> 00:00:10,800 Speaker 1: major cybersecurity incident occurred at Medibank Private, just weeks after 4 00:00:10,880 --> 00:00:14,320 Speaker 1: one third of Australians had their information held to ransom 5 00:00:14,600 --> 00:00:18,000 Speaker 1: in the OPTAs Starter breach. Now, as one of Australia's 6 00:00:18,000 --> 00:00:22,639 Speaker 1: biggest health insurance providers, Medibank holds information that includes intimate 7 00:00:22,680 --> 00:00:27,040 Speaker 1: medical records, making that breach well, I guess even more 8 00:00:27,080 --> 00:00:29,840 Speaker 1: serious than the Optus hack in a lot of ways. 9 00:00:30,080 --> 00:00:31,840 Speaker 1: Now joining me on the line to give us some 10 00:00:31,880 --> 00:00:34,919 Speaker 1: detail about really how we can protect ourselves and our 11 00:00:35,080 --> 00:00:39,599 Speaker 1: rights is the Northern Territories Deputy Commissioner for Consumer Affairs, 12 00:00:39,920 --> 00:00:44,800 Speaker 1: Rebecca Davy. Good morning to you, Rebecca. Let me try 13 00:00:44,840 --> 00:00:49,640 Speaker 1: that again. Good morning again, Rebecca. 14 00:00:48,120 --> 00:00:49,440 Speaker 2: Good morning Katie. How are you? 15 00:00:49,520 --> 00:00:52,920 Speaker 1: Yeah, very well, sorry, bit of a technical issue, operator error, 16 00:00:52,960 --> 00:00:59,920 Speaker 1: I think you call those ones idea No all good now, Rebecca. 17 00:01:00,120 --> 00:01:03,600 Speaker 1: How concerning is this latest situation with Medibank? 18 00:01:06,480 --> 00:01:10,920 Speaker 2: Of course, I think any incident where people's personal information 19 00:01:11,280 --> 00:01:13,319 Speaker 2: has been stolen and is now in the hands of 20 00:01:13,360 --> 00:01:18,080 Speaker 2: criminals is very concerning. I think, just off the back 21 00:01:18,120 --> 00:01:23,360 Speaker 2: of the Optus incident. This one that looks like at 22 00:01:23,400 --> 00:01:26,039 Speaker 2: the moment anyway, it's not quite as big as the 23 00:01:26,080 --> 00:01:29,640 Speaker 2: optus problem. Yeah, and hopefully a lot less people have 24 00:01:29,800 --> 00:01:32,600 Speaker 2: been affected, but it's still very concerning if you're one 25 00:01:32,640 --> 00:01:33,360 Speaker 2: of those people. 26 00:01:33,840 --> 00:01:36,360 Speaker 1: Yeah, and I would suspect that pretty concerning as well, 27 00:01:36,400 --> 00:01:39,800 Speaker 1: given the fact that it, you know, this breach does 28 00:01:39,840 --> 00:01:41,240 Speaker 1: contain health information. 29 00:01:42,640 --> 00:01:46,880 Speaker 2: That's right. You know, a person's medical information is very private, 30 00:01:47,880 --> 00:01:50,440 Speaker 2: and I think most people will be very concerned about 31 00:01:50,440 --> 00:01:55,040 Speaker 2: their medical information being in the hands of criminal Yeah, 32 00:01:55,320 --> 00:01:59,919 Speaker 2: not just you know, on top of that, your identity, 33 00:02:01,360 --> 00:02:03,880 Speaker 2: you know, detailed being stolen, which could be used for 34 00:02:04,040 --> 00:02:08,720 Speaker 2: financial crimes as well. So both those things would leave 35 00:02:08,760 --> 00:02:09,920 Speaker 2: you feeling very vulnerable. 36 00:02:10,360 --> 00:02:14,239 Speaker 1: And Rebecca, is this something that that NT Consumer Affairs 37 00:02:14,320 --> 00:02:16,720 Speaker 1: have been contacted about by territorians. 38 00:02:18,520 --> 00:02:22,760 Speaker 2: Not really, we're not the first point of call, although 39 00:02:22,800 --> 00:02:26,240 Speaker 2: we can certainly take enquiries and we can refer you 40 00:02:26,280 --> 00:02:27,680 Speaker 2: to the to the right place. 41 00:02:28,440 --> 00:02:31,080 Speaker 1: What are the options for territory instead of listening this 42 00:02:31,160 --> 00:02:34,720 Speaker 1: morning who've maybe been contacted by medibank and they're not 43 00:02:34,880 --> 00:02:37,560 Speaker 1: really sure what to do or not really sure if 44 00:02:37,600 --> 00:02:40,919 Speaker 1: their data has been breached or exactly what's going on. 45 00:02:42,520 --> 00:02:47,080 Speaker 2: Yeah, so maybe Bank released the statement last Thursday saying 46 00:02:47,120 --> 00:02:51,240 Speaker 2: that they will be contacting anyone that have been affected 47 00:02:51,240 --> 00:02:54,360 Speaker 2: by this. So hopefully if you have been you should 48 00:02:54,360 --> 00:02:58,440 Speaker 2: have been contacted by any bank. Although the investigation is ongoing, 49 00:02:58,520 --> 00:03:01,919 Speaker 2: the Australian Federal College and Hour involved, so it is 50 00:03:01,960 --> 00:03:07,120 Speaker 2: an evolving investigation and certainly if you have any concerns 51 00:03:07,160 --> 00:03:10,240 Speaker 2: at all, I would first be making contact with Medibank 52 00:03:11,480 --> 00:03:14,639 Speaker 2: and getting some information about whether any of your data 53 00:03:14,720 --> 00:03:19,960 Speaker 2: has been stolen. Some other advice we would give to 54 00:03:20,040 --> 00:03:25,639 Speaker 2: people is to think about and be very vigilant now 55 00:03:25,680 --> 00:03:31,480 Speaker 2: about any online scams, particularly those referencing Medibank Private or 56 00:03:31,520 --> 00:03:34,400 Speaker 2: any unusual emails or text messages you might get. 57 00:03:34,720 --> 00:03:37,360 Speaker 1: Yeah, that's a really good points. Do you know if 58 00:03:37,400 --> 00:03:41,200 Speaker 1: there have sort of been any reports of that kind 59 00:03:41,240 --> 00:03:42,440 Speaker 1: of thing happening as yet. 60 00:03:43,440 --> 00:03:47,200 Speaker 2: I'm not aware of any as yet, but going on 61 00:03:47,240 --> 00:03:50,800 Speaker 2: what happened with Optus, within a few days, people were 62 00:03:50,840 --> 00:03:57,320 Speaker 2: getting text messages referencing the Optus incident, and so I 63 00:03:57,320 --> 00:04:01,240 Speaker 2: would be very wary of that. Will never contact you 64 00:04:02,120 --> 00:04:06,840 Speaker 2: via text message, So if you're getting anything suspicious email, 65 00:04:07,040 --> 00:04:10,840 Speaker 2: text message, I would just ignore it. I think the 66 00:04:11,320 --> 00:04:14,320 Speaker 2: next best thing that anyone can do is hop onto 67 00:04:14,320 --> 00:04:19,119 Speaker 2: the Australian Cyber Security Center website. They have some really 68 00:04:19,120 --> 00:04:23,080 Speaker 2: good resources on there. In particular, they have one called 69 00:04:23,120 --> 00:04:26,279 Speaker 2: have You Been Hacked. It's a tool that will guide 70 00:04:26,320 --> 00:04:30,359 Speaker 2: you through a series of scenarios trying to help you 71 00:04:30,400 --> 00:04:33,080 Speaker 2: assess if you have been hacked, and it'll give you 72 00:04:33,120 --> 00:04:35,400 Speaker 2: advice about what to do next if any of those 73 00:04:35,400 --> 00:04:37,039 Speaker 2: scenarios might apply to you. 74 00:04:37,600 --> 00:04:39,880 Speaker 1: Yeah, and it's I guess it's quite frightening for a 75 00:04:39,880 --> 00:04:42,599 Speaker 1: lot of Territorians, a lot of Assies more generally, not 76 00:04:42,760 --> 00:04:45,080 Speaker 1: just in terms of Medibank, but also in terms of 77 00:04:45,080 --> 00:04:48,080 Speaker 1: what had happened with Optus. And you know, you sort 78 00:04:48,080 --> 00:04:51,560 Speaker 1: of you give your details over to certain organizations and 79 00:04:51,600 --> 00:04:53,520 Speaker 1: you never expect that you're going to wind up in 80 00:04:53,520 --> 00:04:54,200 Speaker 1: this situation. 81 00:04:55,839 --> 00:04:58,880 Speaker 2: No, not at all. I mean I myself was caught 82 00:04:58,960 --> 00:05:01,480 Speaker 2: up in the Optus one and it at leads you're 83 00:05:01,480 --> 00:05:05,520 Speaker 2: feeling very worried, and you suddenly think about all the 84 00:05:05,560 --> 00:05:10,240 Speaker 2: different ways you give your personal information out and certainly 85 00:05:10,279 --> 00:05:13,960 Speaker 2: when you do that, we often don't think about the 86 00:05:14,000 --> 00:05:17,960 Speaker 2: potential risk of that. So I probably just advise people 87 00:05:17,960 --> 00:05:20,599 Speaker 2: to to be a little bit more aware of who 88 00:05:20,600 --> 00:05:23,960 Speaker 2: you're giving your information to and if there really a 89 00:05:24,000 --> 00:05:27,360 Speaker 2: need for them to have that information as well. I 90 00:05:27,440 --> 00:05:31,839 Speaker 2: think there's mounting pressure on businesses, especially large corporations, to 91 00:05:31,920 --> 00:05:35,360 Speaker 2: do more to protect personal information as a hold, yep, 92 00:05:36,320 --> 00:05:37,960 Speaker 2: and you know, we have a right to expect that 93 00:05:38,040 --> 00:05:39,480 Speaker 2: it will be protected. 94 00:05:40,120 --> 00:05:43,039 Speaker 1: Yeah, you spot on, And you know, like we not 95 00:05:43,160 --> 00:05:46,119 Speaker 1: only sort of give our information over for various different things, 96 00:05:46,160 --> 00:05:48,360 Speaker 1: but you're so right that we expect that it's going 97 00:05:48,400 --> 00:05:51,800 Speaker 1: to be protected, and it's really concerning for people then 98 00:05:51,920 --> 00:05:55,360 Speaker 1: when that private information is yeah, is breached. 99 00:05:56,560 --> 00:05:59,440 Speaker 2: Yeah, very concerning, And I think it's something that the 100 00:05:59,480 --> 00:06:04,679 Speaker 2: federal goal and it's taken quite seriously. They recently advised 101 00:06:04,760 --> 00:06:08,280 Speaker 2: of a couple of different legislative changes that they're proposing, 102 00:06:10,240 --> 00:06:12,320 Speaker 2: you know, really as a result of what happened with 103 00:06:12,400 --> 00:06:17,240 Speaker 2: Optis and now Medibank. They're introducing a bill to increase 104 00:06:17,240 --> 00:06:20,279 Speaker 2: the maximum penalties under the Privacy Act for breaches of 105 00:06:21,360 --> 00:06:26,000 Speaker 2: serious or repeated privacy breaches. At the moment, the current 106 00:06:26,440 --> 00:06:30,039 Speaker 2: penalty is only two point two million dollars, which you 107 00:06:30,080 --> 00:06:33,960 Speaker 2: can imagine to a large corporation like OPTAs is not 108 00:06:34,080 --> 00:06:37,520 Speaker 2: much of a deterrent to be putting resources into protecting information. 109 00:06:37,760 --> 00:06:41,599 Speaker 1: Yeah, that is so very true. And Rebecca, obviously you've 110 00:06:41,600 --> 00:06:44,080 Speaker 1: touched on OPTAs, so we've also touched on manibank. Have 111 00:06:44,160 --> 00:06:46,760 Speaker 1: there been many territori ins sort of contacting you since 112 00:06:46,880 --> 00:06:49,880 Speaker 1: that last OPTUS breach? I know that you said anti 113 00:06:49,920 --> 00:06:52,520 Speaker 1: consumer affairs probably isn't the first point of call for 114 00:06:52,600 --> 00:06:55,720 Speaker 1: a lot of people. But has there been much, you know, 115 00:06:55,920 --> 00:06:58,920 Speaker 1: much of an increase in those calls coming to consumer affairs. 116 00:07:00,120 --> 00:07:03,000 Speaker 2: No, we haven't really received too many at all. I 117 00:07:03,040 --> 00:07:06,360 Speaker 2: think there's what I will say is that there has 118 00:07:06,440 --> 00:07:08,479 Speaker 2: been a lot of information put out there about what 119 00:07:08,600 --> 00:07:13,240 Speaker 2: to do in terms of contacting IT office or medibank, 120 00:07:13,560 --> 00:07:19,280 Speaker 2: hopping onto the Australian Cybersecurity Center, securing a devices, enabling 121 00:07:19,320 --> 00:07:22,960 Speaker 2: that multi factor authentication. So there's a lot of information 122 00:07:23,080 --> 00:07:27,280 Speaker 2: out there for consumers to access and by any means, 123 00:07:27,360 --> 00:07:30,680 Speaker 2: if you're a little overwhelmed with all that information out there, 124 00:07:30,960 --> 00:07:34,280 Speaker 2: it can be quite overwhelming. There's a number of agencies 125 00:07:34,320 --> 00:07:36,480 Speaker 2: that you can go to for various different things, but 126 00:07:36,520 --> 00:07:38,760 Speaker 2: if you have any questions, please call us and we 127 00:07:38,800 --> 00:07:41,320 Speaker 2: can refer you to the right to the right agency 128 00:07:41,400 --> 00:07:42,240 Speaker 2: for your situation. 129 00:07:42,680 --> 00:07:47,480 Speaker 1: Well INT Deputy Commissioner for Consumer Affairs, Rebecca Davey. We 130 00:07:47,560 --> 00:07:49,760 Speaker 1: really appreciate your time this morning. Thanks for having a 131 00:07:49,840 --> 00:07:52,320 Speaker 1: chat with us. 132 00:07:51,280 --> 00:07:53,360 Speaker 2: Not a problem. Thank you for having me Katie, thank 133 00:07:53,400 --> 00:07:53,760 Speaker 2: you