Between September 2022 and March 2023, Optus, Medibank and Latitude Financial all suffered massive breaches that resulted in the personal identifiable information (PII) of million of Australian adults being stolen and released by criminals. Data privacy for most Australians is dead.
Last month, another major Australian company was attacked. Qantas was one of several companies attacked by criminals who releasing more than 5 million customer records to the dark web and into the public domain. That data is available, according to one report, for just $27.
Between those four massive breaches, and the dozens of smaller ones reported to the Office of the Australian Information Commissioner (you can look back through the OAIC’s half yearly reports) it’s likely that almost every Australian adult’s PII has been compromised to some degree.
You can no longer rely on any company, large or small, to protect your data.
If everyone’s PII is compromised, do we care about mega breaches? Qantas, like any company that suffers a major breach, is likely to be investigated by regulators. But have we come to the point where the focus needs to shift from worrying about if our data will be stolen but on how to manage our security in a world where there are very few secrets?
Five things you can do to protect your data privacy
1. Reduce your online footprint
If you’ve been using the internet for a several years, you will have accumulated many online accounts. And, whenever you shop, chances are you’re asked to provide an email address and create an account to collect a discount on that first purchase. Think carefully about whether that 10% discount is really worth providing your personal data.
2. Use Hide My Email
If you have an iCloud account, you have access to a service called Hide My Email. Whenever you’re asked to provide your email address online, Hide My Email creates a unique email address that is specific to just that service. Any messages sent to that unique address will be forwarded to your mail iCloud address. If that user account is compromised you can easily deactivate the unique address via iCloud. This will stop spam and phishing messages from reaching you.
3. Always use a unique password for each service
Password managers, like Apple’s Passwords app can create, store and fill in complex passwords. A unique password means that if one service is hacked, a stolen password won’t lead to other accounts being breached.
4. Multi-factor authentication
Using an authenticator app, email or SMS to receive a second code that works alongside your password is a powerful weapon against a stolen or breached password.
5. Use Passkeys
Passkeys are cryptographic keys that are exchanged between users and systems. When you use a service like Sign in with Apple, that leverages Face ID or TouchID, to log in, you are exchanging a cryptographic key that validates who you are. The key only works once so, even if it’s intercepted, it can’t be reused.
Anthony is the founder of Australian Apple News. He is a long-time Apple user and former editor of Australian Macworld. He has contributed to many technology magazines and newspapers as well as appearing regularly on radio and occasionally on TV.