The lessons from the Medibank and Optus data breaches are vast, varied and vital. The first in a five-part series argues that we lost our way figuring out why and when data loss matters.
The Optus leak seems to have been a test installation using the whole, unmodified production data set. Masking or hashing personal information such as licence numbers and passport numbers in test environments should be universal. Names & addresses too.
The Medibank leak seems to have involved getting the password of a privileged user.
I was told in training that personal medical histories were worth $500 on the dark web. I questioned that. Now the hackers have dumped millions of them for nothing.
Let's wind back the criticism for getting treatments.
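The masking step the comment above calls for, sketched as an added example (not part of the original page or comment): each personal field is replaced with a keyed HMAC token, so the same licence number always maps to the same token and joins between tables still work, and a check confirms no original value survives. The column names, sample rows and function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Columns treated as personal information (assumed schema for this example).
PII_COLUMNS = ("name", "address", "licence_no", "passport_no")

# Constructed sample rows standing in for a production extract (not real data).
SAMPLE_ROWS = [
    {"id": 1, "name": "Alex Example", "address": "1 Sample St, Sydney NSW 2000",
     "licence_no": "LIC12345678", "passport_no": "PA1234567", "plan": "prepaid"},
    {"id": 2, "name": "Sam Placeholder", "address": "2 Test Ave, Perth WA 6000",
     "licence_no": "LIC87654321", "passport_no": "PB7654321", "plan": "postpaid"},
]


def pseudonym(key: bytes, column: str, value: str) -> str:
    """Keyed, deterministic token for one field value.

    A plain unkeyed hash is not enough: licence and passport numbers come
    from a small space, so every candidate can be hashed and compared.
    """
    mac = hmac.new(key, f"{column}\x00{value}".encode(), hashlib.sha256)
    return f"{column}-{mac.hexdigest()[:16]}"


def mask_rows(rows, key):
    """Return copies of rows with every PII column replaced by its token."""
    return [
        {col: pseudonym(key, col, str(val)) if col in PII_COLUMNS else val
         for col, val in row.items()}
        for row in rows
    ]


def leaked_values(original, masked):
    """List (row id, column) pairs whose original PII value survives masking."""
    leaks = []
    for src, dst in zip(original, masked):
        haystack = " ".join(str(v) for v in dst.values())
        leaks += [(src["id"], c) for c in PII_COLUMNS if str(src[c]) in haystack]
    return leaks


if __name__ == "__main__":
    key = os.urandom(32)  # generated and stored outside the test environment
    masked = mask_rows(SAMPLE_ROWS, key)
    assert leaked_values(SAMPLE_ROWS, masked) == []
    for row in masked:
        print(row)
```

The key has to stay out of the test environment: anyone holding it can recompute the token for a guessed licence or passport number.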