Latitude Group takes a stand against ransom demanded by cyber attackers
Australia is no stranger to cyber-attacks, with several companies reporting incidents over the past few months. One of the latest targets was consumer finance firm Latitude Group Holdings Ltd, which suffered a significant data breach last month, with hackers stealing almost 8 million Australian and New Zealand driver’s license numbers. Despite the severity of the attack, Latitude has stated that it will not pay a ransom to the cyber criminals responsible, citing the potential harm to customers and the wider community.
In a statement released on Tuesday, Latitude stated that it would not reward criminal behaviour and that paying a ransom would not result in the return or destruction of the stolen information. The company’s decision not to pay the ransom is commendable, as it sends a clear message that such behaviour will not be tolerated. However, this stance is not without its critics, with some suggesting that it may lead to further attacks.
The cyber security industry in Australia is understaffed, and experts believe that this is one of the reasons why there have been so many cyber-attacks recently. With more and more companies falling victim to cybercrime, there are concerns that this trend will continue unless action is taken to address the root causes of the problem.
One proposed solution is to toughen privacy laws to make it easier to fine or sue companies that fail to protect customer data. This idea has been met with resistance from some quarters, with critics arguing that it could encourage companies to pay ransoms to cyber criminals, thereby fuelling a cyber-crime wave.
IDCare, a non-profit organization that helps internet crime victims, has been particularly vocal in its opposition to the proposed changes to privacy laws. In an unpublished submission to the attorney general, reviewed by Reuters, IDCare argued that by making it easier to fine companies for poor data security and failing to criminalize ransom payments, Australia may inadvertently be encouraging more cyber-attacks.
IDCare’s views on this matter carry significant weight, as it has become one of Canberra’s go-to referral groups to help victims of cyber-crime. The organization’s submission to the attorney general highlights the risks associated with paying ransoms to cyber criminals, and the potential for this to fuel further attacks. IDCare also argues that the proposed changes to privacy laws may not be enough to address the root causes of the problem, and that more needs to be done to strengthen the cyber security industry in Australia.
The debate around privacy laws and cyber security is a complex one, with no easy solutions. On the one hand, it is important to protect the privacy and security of individuals’ data, and to hold companies accountable for failing to do so. On the other hand, there is a risk that toughening privacy laws could inadvertently encourage companies to pay ransoms to cyber criminals, and thereby fuel a cyber-crime wave.
Ultimately, the key to addressing this issue lies in a multifaceted approach that considers the need to strengthen the cyber security industry in Australia, while also ensuring that companies are held accountable for their actions. Paying ransoms to cyber criminals is not the answer, and that more needs to be done to prevent these attacks from happening in the first place.
Latitude’s decision not to pay a ransom to the cyber criminals responsible for the recent data breach is a step in the right direction. However, there is still much work to be done to address the underlying issues that have led to the current situation. With the help of organizations like IDCare, policymakers in Australia can work towards developing a comprehensive approach to cyber security that protects individuals’ privacy and security while also supporting the growth of a strong and resilient cyber security industry.
Author: Manjushree Gavitre