[AusNOG] Anonymous Threatens to Expose Data from an Australian ISP

Peter Adkins peter.adkins at kernelpicnic.net
Wed Jul 25 20:24:10 EST 2012


Even in a case where such a disclosure were required, it would stand to
reason that a grace period be provided in order to allow the affected
company time to investigate, and hopefully rectify, the issue(s) that lead
to the breach. Painting a target on ones back by announcing security
concerns to the world - before having an opportunity to resolve them - may
not be the best course of action and could very well lead to a compromise
on a larger scale.

This having been said, depending on the data stolen, it would be hard to
determine an acceptable period of time to "cover" the company affected; if
any. Protecting a company from damages in favour of their subscribers
personal and / or financial information doesn't sound too ethical in my
books. Conversely, allowing further damage by forcing disclosure could be
considered equally as dangerous / silly.

Back on topic: According to Twitter, and the previous news articles, some
of the data is about to be released (https://twitter.com/Op_Australia)

P.

On Wed, Jul 25, 2012 at 7:28 PM, Paul Wilkins <paulwilkins369 at gmail.com>wrote:

> Australian legislation currently makes no requirement to report a data
> breach (though there may be an obligation at common law).
>
> It's something legislators are considering:
>
>
> http://www.itnews.com.au/News/275598,data-breach-laws-to-follow-privacy-reforms.aspx
>
> Paul Wilkins
>
>
> On Wed, Jul 25, 2012 at 7:48 PM, Martin - StudioCoast <
> martin.sinclair at studiocoast.com.au> wrote:
>
>>  Does an ISP have a duty of disclosure for an information breach such as
>> this?
>> My view is that they have an ethical duty to inform customers but i'm not
>> aware of if there are actually any laws to this effect.
>>
>> If the hacker is telling the truth and the telco patched the
>> vulnerability then it seems likely they knew about it.
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120725/efd4ef61/attachment.html>


More information about the AusNOG mailing list