Targeting personally identifiable information

Australian networks holding large amounts of personally identifiable information (PII) are often targeted by cyber adversaries.

In the past, adversaries needed to attack a number of different sources to access the same amount of information, but now they just need to find a way into one bulk data repository to siphon the personal information of a large number of Australians.

Foreign states, hacktivists, terrorists and cybercriminals seek to gain access to PII from poorly secured systems. Cybercriminals may use the stolen information for identity theft or attempt to extort money from organisations and individuals by threatening to release the stolen data. Terrorists and hacktivists publicly disclose PII in order to embarrass, intimidate or threaten individuals, government and commercial organisations in ‘hack and release’ operations.

How to protect your business

Organisations should carefully consider how much PII they really need to collect, how they protect it, who they share it with, and the expectations of the individuals who entrust them with their PII. Individuals should also consider how much information an online service needs to know about them and minimise the amount shared.

For any complaints about how personal information has been handled, please contact the Office of the Australian Information Commissioner.

If you believe your business has been the victim of cybercrime, report it to the police or the Australian Cybercrime Online Reporting Network.

Information security strategies for businesses and government agencies can be found on the Australian Signals Directorate website.