Nicholas Kinports

“US Officials Claim China Suspected in Violation of FBI Surveillance System”

Nicholas Kinports on March 9, 2026

We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

China Allegedly Involved in FBI Surveillance Network Breach

Brief Overview

The FBI is probing a cyber breach within its internal system, thought to be associated with China.
This breach pertains to an unclassified network that contains sensitive data regarding domestic surveillance.
US entities, encompassing the White House, NSA, and CISA, are partaking in the investigation.
The inquiry is in its preliminary phase, lacking detailed data on the extent of the breach.

Suspicion of Chinese Cyber Breach on FBI Network

In a notable cybersecurity event, US officials are of the opinion that hackers connected to the Chinese government have compromised an internal computer network of the Federal Bureau of Investigation (FBI). This network is believed to contain sensitive data related to domestic surveillance directives.

Breach Insights

This breach involves an unclassified system of the FBI, which holds data on communications of individuals currently under investigation. The FBI pointed out the advanced tactics employed by the hackers and has begun remediation efforts in tandem with ongoing forensic examinations.

Joint Investigation Initiatives

<p.Multiple US entities, including the White House, National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA), are actively participating in the investigation. An official from the White House confirmed that discussions on cyber threats are held regularly, although details concerning this incident remain unreleased.

Conclusion

The suspected infiltration of an FBI network by hackers with alleged Chinese ties illustrates the ongoing risk of cyber intrusions jeopardizing national security frameworks. As probes continue, the cooperation among US security agencies emphasizes the urgency of protecting sensitive data.

Q: What kind of system was breached?

A: The breach affected an unclassified FBI system that includes data related to domestic surveillance communications.

Q: What is known about the hackers’ methods?

A: The FBI characterized the hackers’ tactics as advanced, suggesting a substantial level of proficiency in executing the breach.

Q: Which US entities are involved in the investigation?

A: The investigation encompasses the FBI, White House, NSA, and CISA, among other prominent security organizations.

Q: Has China commented on these allegations?

A: The Chinese embassy in Washington has not responded to inquiries concerning the breach allegations.

Q: How did the investigation initiate?

A: The FBI commenced its investigation upon noticing unusual log activity on the affected system on February 17.

Q: What is the present condition of the investigation?

A: The investigation is still in its initial stages, with ongoing attempts to evaluate the total scope and repercussions of the breach.

Health and Aged Care Chief Information Security Officer Resigns

Nicholas Kinports on March 8, 2026

TechBest: CISO of Health and Aged Care Department Retires

Brief Overview

David Lang, CISO for the Department of Health and Aged Care, has stepped down after 32 years of service.
Lang significantly contributed to the advancement of the department’s cyber security enhancement initiatives.
The department is streamlining its cyber security functions under a single provider.
Matt Newman is acting CISO while the search for a permanent successor is in progress.

David Lang’s Notable Career

David Lang, the Chief Information Security Officer (CISO) of the Department of Health and Aged Care, has retired after an impressive career in public service lasting over thirty years. Lang joined the department in September 2024, after a notable period at Services Australia, where he served as the national manager for cyber governance, policy, and engagement.

Retirement of CISO in Health and Aged Care

Cyber Security Enhancement Initiative

Upon his arrival, Lang was charged with progressing the department’s cyber security enhancement initiative. This project was designed to strengthen the department’s cyber resilience by integrating its end-to-end cyber security services into one provider. This strategic initiative is part of the department’s persistent efforts to reinforce its cyber defenses in a quickly changing threat environment.

Transition and Upcoming Plans

After Lang’s exit, the Department of Health and Aged Care has initiated a hiring process to secure a permanent successor. Meanwhile, Matt Newman, the deputy CISO, has taken on the role of acting CISO. This transition period is vital for sustaining the progress of the cyber security enhancement initiative and ensuring leadership and strategic continuity.

Reflections on an Esteemed Career

In a LinkedIn update revealing his retirement, Lang shared insights about his varied career path, which encompassed service delivery, law enforcement, electoral processes, and cyber security. He expressed appreciation for the experiences and challenges he faced throughout his journey, characterizing his career as a “wild ride” that was both fulfilling and unforgettable.

Conclusion

David Lang’s retirement signifies the conclusion of a significant chapter for the Department of Health and Aged Care. His efforts in improving the department’s cyber security capabilities have laid a robust groundwork for future progress. As the department searches for a new CISO, the emphasis continues to be on advancing the developments achieved during Lang’s tenure.

Q: Who is temporarily filling the CISO position?

A: Matt Newman, the deputy CISO, is currently acting as the CISO.

Q: What was David Lang’s prior role before he joined the Department of Health?

A: Before joining the Department of Health, David Lang was the national manager for cyber governance, policy, and engagement at Services Australia.

Q: What is the cyber security enhancement initiative?

A: The cyber security enhancement initiative is a project aimed at unifying the Department of Health’s cyber security operations under a single provider to improve overall cyber resilience.

Q: What steps is the department taking following Lang’s retirement?

A: The department is in the process of recruiting a permanent CISO while Matt Newman serves as the acting CISO.

In Images: Protecting AI Agents and NHIs – Perspectives from Saviynt Melbourne Roundtable

Nicholas Kinports on March 7, 2026

Protecting AI Agents and NHIs – Takeaways from Saviynt Melbourne Roundtable

AI Agents and Non-Human Identities: Insights from Melbourne

Brief Overview

AI and NHIs are becoming increasingly crucial to business functions.
Cybersecurity risks targeting AI frameworks are advancing quickly.
Strong governance structures are critical for AI protection.
Partnership among industry experts is essential for tackling AI issues.

Defining AI and Non-Human Identities

Artificial Intelligence (AI) and Non-Human Identities (NHIs) are reshaping the operational landscape for businesses throughout Australia. As these innovations become more integral to daily functions, it is vital to secure them against cyber threats.

Cybersecurity Obstacles

The swift advancement of AI technologies has introduced fresh cybersecurity challenges. Given that AI agents can function independently, they may be at risk of manipulation or exploitation by hostile entities. Thus, the implementation of strong security protocols is crucial to defend against possible breaches.

Governance and Structures

Developing sound governance structures is necessary to maintain the safety and integrity of AI technologies. Such frameworks assist in risk management and regulatory compliance, thereby enhancing trust in AI offerings.

Collaborative Efforts in the Industry

The Saviynt Melbourne Roundtable underscored the necessity of cooperation among industry players to confront the difficulties linked with AI and NHIs. By exchanging knowledge and strategies, industry leaders can more effectively navigate the intricacies of AI deployment and security.

Conclusion

The Saviynt Melbourne Roundtable brought to light the vital requirement for comprehensive security measures and collaborative initiatives in protecting AI agents and NHIs. As AI innovations become progressively essential, it is crucial to tackle cybersecurity issues through effective governance and industry collaboration for the benefit of Australian enterprises.

Q: What do Non-Human Identities (NHIs) represent?

A: NHIs are digital identities that do not correspond to human users, commonly utilized for AI systems and automated operations.

Q: What makes AI systems prone to cybersecurity risks?

A: AI systems, notably those that are autonomous, may be vulnerable to manipulation and exploitation without adequate safeguards.

Q: In what way can governance frameworks enhance AI safety?

A: Governance frameworks offer protocols for risk management, compliance assurance, and fostering confidence in AI technologies.

Q: What significance does industry collaboration have for AI security?

A: Collaboration within the industry facilitates the exchange of knowledge and strategic planning to overcome challenges and intricacies within AI security.

Tesla unveils the 6-seat Model Y L for Australia and New Zealand

Nicholas Kinports on March 6, 2026

Quick Read: Main Highlights

Tesla has verified the introduction of the 6-seater Model Y L for Australia and New Zealand, set to launch in 2026.
Model Y L offers an expanded size with a longer wheelbase to fit an additional row of seats.
Features a 2-2-2 seating arrangement for a luxurious experience.
Includes a 5-year unlimited km vehicle warranty and an 8-year battery warranty.
Projected pricing stands at approximately A$78,900, bridging the gap among current Model Y options.

Overview of the Model Y L

Tesla has officially announced the arrival of the Model Y L in Australia and New Zealand, slated for release in 2026. This new model caters to the needs of Australian families looking for a flexible electric SUV with enhanced seating capacity.

Tesla launching the 6-seater Model Y L for the Australian and New Zealand market

Beyond Just Extra Seats

The Model Y L is not merely a lengthened version of the current Model Y. It features a larger structure, with enhanced length and height due to an extended wheelbase. This modification makes room for a genuine third row of seats, ensuring plenty of legroom and comfort for all six passengers.

A Luxurious Seating Arrangement

Distinct from conventional seven-seat SUVs, Tesla’s Model Y L incorporates a 2-2-2 seating format, which provides a “captain’s chair” style in the middle row. This configuration allows for easier entry to the third row and elevates the comfort and luxurious ambiance of the vehicle.

Warranty and Assurance

With the debut of the Model Y L, Tesla is amplifying its warranty provisions. New owners will benefit from a 5-year unlimited km vehicle warranty, an upgrade from the previous 4-year/80,000 km limit. The battery warranty remains robust, offering 8 years or up to 192,000 km of coverage for Long Range and Performance models.

Australian Pricing for Model Y L

While the specific pricing for the Model Y L has yet to be revealed, it is anticipated to be around A$78,900. This strategically positions it within the current Model Y lineup, providing a competitive choice for those desiring extra seating without transitioning to a Model X.

Future Outlook

Although the precise launch date is still pending confirmation, Tesla is preparing to bring the Model Y L to the Australian and New Zealand markets this year. This rollout signifies a major step forward for Tesla, catering to larger families with a mid-sized electric SUV offering.

Conclusion

The Model Y L is set to address a vital segment in Tesla’s collection, providing a family-oriented six-seater electric SUV with premium amenities. With Tesla’s dedication to enhancing warranty and comfort, the Model Y L is on track to be a favored option among Australian EV fans.

Common Inquiries

Q: What is the seating layout of the Model Y L?

A: The Model Y L features a 2-2-2 seating layout, delivering a “captain’s chair” experience in the middle row.

Q: What kind of warranty is included with the Model Y L?

A: It includes a 5-year unlimited km vehicle warranty and an 8-year battery warranty.

Q: When will the Model Y L become available in Australia and New Zealand?

A: The Model Y L is anticipated to be available in 2026.

Q: What will the Model Y L likely cost?

A: While the exact pricing is still forthcoming, it is projected to be around A$78,900.

Q: How does the Model Y L differ from the standard Model Y?

A: The Model Y L is larger, with an extended wheelbase to allow for a third row, accommodating six passengers.

Europol e Gigantes da Tecnologia Desmantelam Serviço de Bypass de 2FA do Tycoon

Nicholas Kinports on March 6, 2026

Europol and technology companies dismantled the Tycoon 2FA phishing scheme.
Tycoon 2FA was accountable for almost two-thirds of the phishing attempts blocked by Microsoft.
Cloudflare detailed how Tycoon 2FA exploited two-factor authentication systems.
The operation deceived around 96,000 victims globally.
Microsoft confiscated 330 domains associated with Tycoon 2FA.
Healthcare and education sectors were significant targets.
FIDO2 and WebAuthn keys can help reduce these phishing threats.

The Worldwide Takeover of Tycoon 2FA

In a united effort, law enforcement from seven European nations have disrupted one of the largest phishing operations in the world, identified as Tycoon 2FA. This advanced phishing-as-a-service (PhaaS) had been active since 2023 and played a substantial role in phishing incidents globally, with Microsoft indicating it was responsible for nearly two-thirds of their blocked phishing attempts.

The Tycoon 2FA management panel.

Microsoft

Details of the Operation and Its Effects

Europol, in collaboration with tech companies including Microsoft, Trend Micro, Intel471, Proofpoint, Coinbase, and the Shadow Server Foundation, led the takedown. Tycoon 2FA ingeniously leveraged multifactor authentication (MFA) systems by replicating genuine Microsoft 365 and Google login pages. Victims unwittingly entered their credentials, which were intercepted and exploited by attackers to gain unauthorized access to their accounts.

Technical Utilization and Security Threats

Cloudflare disclosed that Tycoon 2FA employed their Workers serverless compute services as a proxy for login and 2FA requests. Attackers harvested session tokens to infiltrate corporate email systems, allowing them to oversee sensitive communications and issue fraudulent invoices from legitimate accounts. The operation impacted roughly 96,000 individuals globally, with the healthcare and education sectors being the most severely affected.

Preventative Measures and Future Actions

To mitigate such threats, experts advocate for the use of FIDO2 and WebAuthn hardware keys like YubiKeys. These tools offer a strong defense against PhaaS operations by providing enhanced authentication methods. Microsoft also initiated legal proceedings to confiscate 330 domains linked to Tycoon 2FA, a strategy previously employed in the fight against cybercrime.

Conclusion

The dismantling of Tycoon 2FA signifies a major victory in combating global phishing operations. Through collaborative efforts between law enforcement and technology firms, a significant danger to online security has been neutralized, emphasizing the need for advanced security protocols and international cooperation.

Q: What was Tycoon 2FA?

A: Tycoon 2FA was a phishing-as-a-service scheme that took advantage of multifactor authentication systems to capture credentials and session tokens.

Q: How did Tycoon 2FA function?

A: It imitated legitimate login pages, capturing user credentials and session tokens for account access.

Q: How many individuals were victimized by Tycoon 2FA?

A: Approximately 96,000 victims globally, particularly in the healthcare and educational fields.

Q: What strategies can prevent such phishing incidents?

A: Utilizing FIDO2 and WebAuthn hardware keys like YubiKeys can offer strong defenses against phishing schemes.

Q: Were there any arrests made related to Tycoon 2FA?

A: Europol has not reported any arrests in connection with the Tycoon 2FA operation.

Q: What part did Microsoft play in the operation’s takedown?

A: Microsoft played a crucial role in the takedown, initiating actions to seize 330 domains used by Tycoon 2FA.

Medibank Utilizes Cloud Technology to Attain and Maintain Marketing “Gold Standard”

Nicholas Kinports on March 5, 2026

Medibank Adopts Cloud Technology for Marketing Success

Brief Overview

Medibank commits to Salesforce’s Data 360 to boost marketing efficiency.
Data 360 facilitates a comprehensive view of customers for focused campaigns.
The organization strives for the “gold standard” in offering tailored customer experiences.
Data 360’s advantages reach beyond marketing to enhance service personalization and partnerships.

Medibank’s Tactical Investment in Data Cloud Technology

The pathway to marketing excellence for Medibank is characterized by its tactical investment in Salesforce’s Data 360, designed to refine marketing initiatives through improved data integration and insights.

Medibank employs cloud technology for marketing success

Medibank’s Brendan Lucas, right, speaks during the conference.

Integrating Customer Data for Improved Engagement

Central to Medibank’s plan is Data 360, which offers an all-encompassing view of customer data, facilitating targeted audience management and campaign execution. Initially centered on marketing, the application of Data 360 has expanded to include personalized service experiences and improved partner cooperation.

Realizing the “Gold Standard”

Medibank’s goal is to convey the appropriate message through the right channel at the suitable time, a vision referred to as the “gold standard” of customer experience. This strategy not only elevates customer satisfaction but also generates considerable time and cost efficiencies for the organization.

Expanding Beyond Marketing: New Use Cases

Though marketing was the primary focus, Medibank’s implementation of Data 360 has progressed. The platform now advances more tailored service journeys and fosters privacy-conscious collaborations with partners, demonstrating Medibank’s dedication to ongoing enhancement and adaptation in a shifting market environment.

Conclusion

Medibank’s investment in Salesforce’s Data 360 exemplifies a pledge to attain marketing excellence via technology. The amalgamation of extensive customer data not only refines marketing strategies but also improves service personalization, setting a standard for the customer experience.

Q: What is Salesforce’s Data 360?

A: Salesforce’s Data 360 is a cloud-based solution that consolidates data to create a 360-degree view of customers, facilitating targeted marketing and personalized service.

Q: What advantages does Data 360 provide for Medibank’s marketing activities?

A: Data 360 allows Medibank to unify customer data, enhance audience segmentation, and deliver personalized marketing messages across various channels, achieving the “gold standard” in customer experience.

Q: What are the extended uses of Data 360 outside of marketing?

A: Aside from marketing, Data 360 is utilized by Medibank to personalize service experiences and improve partner collaboration in a privacy-compliant way.

Q: Why is it vital for Medibank to achieve the “gold standard”?

A: Attaining the “gold standard” ensures customers receive the right message at the appropriate time, boosting satisfaction and loyalty, which are essential for maintaining a competitive edge.

US Treasury and Federal Housing Agency to Stop Utilization of Anthropic Products

Nicholas Kinports on March 4, 2026

U.S. Treasury and Federal Housing Agency to Stop Utilizing Anthropic Products

Brief Overview

U.S. Treasury and Federal Housing Agency will stop utilizing Anthropic products.
President Trump mandates cessation due to supply-chain risk issues.
Six-month wind-down timeframe for the Defense Department and others.
Competitor OpenAI secures a contract with the Defense Department.

Halting Use of Anthropic Products

The U.S. Treasury Department along with the federal housing agency are poised to halt their reliance on Anthropic products, including Claude, following an order from President Donald Trump. This action, categorizing Anthropic as a supply-chain risk, could profoundly affect the AI startup’s position in the crucial national-security AI domain.

U.S. Treasury, federal housing agency discontinuing use of Anthropic products

Consequences for Anthropic and the AI Sector

This action represents a significant challenge for Anthropic, a prominent figure in AI innovation, as the U.S. government raises issues regarding technological safeguards. With a six-month phase-out for Anthropic products, the AI sector is keenly observing the potential impacts on the company’s operations and its global reputation.

OpenAI’s Tactical Advantage

In a different turn of events, OpenAI has revealed a new agreement to implement its technology within the classified network of the Defense Department. This strategic move may bolster OpenAI’s standings in the AI market, particularly regarding government contracts and applications related to national security.

Conclusion

The U.S. government’s move to stop employing Anthropic products marks an essential juncture in the AI landscape, underscoring the persistent challenges and rivalries within the industry. As competition heats up, the deployment of AI technology in the context of national security is being reshaped quickly.

Q&A: Major Questions Clarified

Q: Why has the U.S. government opted to discontinue the use of Anthropic products?

A: The choice follows President Trump’s order, identifying Anthropic as a supply-chain risk along with concerns over technology safeguards.

Q: What is the timeline for phasing out Anthropic products?

A: A six-month phase-out is set for the Defense Department and other agencies utilizing Anthropic’s offerings.

Q: How does this resolution affect Anthropic’s position within the AI industry?

A: The resolution could potentially decrease Anthropic’s influence, affecting its reputation and capability to obtain future governmental contracts.

Q: What role is OpenAI playing in this changing scenario?

A: OpenAI has secured a contract to implement its technology in the Defense Department’s classified network, which may enhance its competitive position.

Q: What are the wider implications for the AI sector?

A: This development emphasizes the competitive landscape of the AI sector and the critical nature of adhering to governmental regulations and security protocols.

Optus to Enhance Workforce by Adding as Many as 700 New Employees

Nicholas Kinports on March 1, 2026

Optus Poised to Augment Workforce During Strategic Restructuring

Quick Read

Optus seeks to expand its workforce from 6800 to 7500 personnel.
Key focus is on insourcing call centre and network functions.
The firm aims to enhance risk management, security, and compliance.
Optus is tackling challenges related to its triple zero service disruption.
Noteworthy executives are being sought for appearances at parliamentary inquiries.

Optus Workforce Expansion Strategy

Optus, a major player in Australia’s telecommunications sector, is embarking on an ambitious workforce expansion initiative. The organization plans to increase its employee count from roughly 6800 to 7500 over the next year. This initiative forms part of a wider strategy to bring call centre and network operations back in-house.

Optus to grow employee base in Australia

Insourcing Initiative

CEO Stephen Rue shared insights about the expansion during a parliamentary inquiry regarding a recent triple zero outage. Although recent job cuts impacted 200 to 300 positions, the overall number of employees is set to rise as Optus begins to insource roles that were previously managed by international partners, particularly in India.

Optus has started this process by recalling around 100 positions from its operations in Chennai, with intentions to bring back an additional 300 roles to Australia. This transition is a component of a broader effort to bolster Optus’ abilities in risk management, security, and compliance.

Response to Triple Zero Outage

The organization faced considerable scrutiny following a triple zero service outage last year. An internal evaluation led by Dr. Kerry Schott underscored communication failures that intensified the situation. In response, Optus has implemented automated call monitoring and new testing protocols to facilitate early detection and escalation of emergency call failures.

Optus Executives in Parliamentary Demand

The parliamentary inquiry has called for appearances from prominent executives, including former Westpac CEO and Singtel board member Gail Kelly. Although she was granted the opportunity to appear virtually, Kelly declined due to prior commitments but expressed her support for the inquiry’s aims.

Summary

Optus is pursuing a strategic initiative to enlarge its workforce and enhance operational efficiency by insourcing essential functions. This effort is designed to strengthen its service delivery and address previous shortcomings in emergency responsiveness.

FAQ

Q: Why is Optus increasing its workforce?

A: Optus is augmenting its workforce to insource call centre and network operations, improve risk management, and boost its service capabilities.

Q: How many jobs is Optus planning to bring back to Australia?

A: Optus plans to return approximately 300 jobs from its offshore operations in Chennai to Australia.

Q: What measures is Optus implementing to avoid future triple zero outages?

A: Optus has introduced automated call monitoring and improved testing procedures to ensure prompt escalation of emergency call issues.

Q: Why did Gail Kelly decline to appear at the parliamentary inquiry?

A: Gail Kelly pointed to scheduling conflicts with board meetings in London as her reason for not participating in the inquiry, although she voiced support for its objectives.

Inexpensive AI Technology Able to Uncover Online Identities

Nicholas Kinports on February 28, 2026

Brief Overview

Large Language Models (LLMs) can now identify online users’ real identities at an inexpensive rate.
Studies indicate possible dangers for journalists, dissidents, and workers using aliases.
The ESRC framework aids in recognizing identities through unstructured information.
Tests demonstrate a notable enhancement in recall and precision compared to earlier techniques.
Researchers propose measures like rate limitations and restrictions on data exports to mitigate risks.

Large Language Models Revealing Online Identities

AI can uncover online identities at a low cost

Recent findings have shown that large language models (LLMs) can successfully unmask anonymity from pseudonymous online profiles for a relatively low expense. This advancement, made with readily available AI APIs, questions the effectiveness of online identity safeguards.

Risks to Pseudonymity

The investigation, carried out by scholars from ETH Zurich, the Machine Learning Alignment Theory Scholar program, and the AI company Anthropic, underscores the possible hazards for journalists, dissidents, and activists. The capacity to associate anonymous contributions with consumer profiles or engage in large-scale personalised social engineering is a substantial alarm.

Workers relying on pseudonymity for safeguarding may also face the danger of being revealed through this method.

Functionality of the ESRC Framework

The ESRC (Extract, Search, Reason, and Calibrate) framework is essential to the researchers’ strategy. It entails an LLM deriving identity-significant signals from unstructured posts, followed by a semantic search, analysis of the top candidates, and a concluding calibration to manage false positives. This methodology does not need structured data or manual work, making it extremely efficient.

Remarkable Outcomes

In evaluations, the LLM pipeline reached a 45.1% recall at a 99% precision level when correlating Hacker News accounts with LinkedIn profiles. This marks a considerable advancement over older techniques, which only achieved 0.1% recall. Additional testing on Reddit accounts and a dataset from Anthropic produced similarly notable outcomes.

Affordable Deanonymisation

The estimated cost for employing the agentic pipeline ranges from $1.41 to $5.64 per target. This cost-effectiveness enables it to be suitable for large-scale projects. The researchers anticipate that future models will enhance precision and lower costs even further.

Inadequacy of Safety Barriers

During evaluations, the commercial LLM safety mechanisms were deemed insufficient in halting deanonymisation. Simple modifications to prompts enabled agents to circumvent restrictions. The disjointed nature of the ESRC pipeline, mimicking normal usage patterns, complicates automated misuse detection.

Open-source models present an additional risk since they can function without commercial API limitations. Researchers advocate for the adoption of rate limitations, automated scraping detection, and restrictions on bulk data exports as temporary measures.

Conclusion

This study illustrates the capability of LLMs to effectively expose pseudonymous online identities economically. While the ramifications for privacy and security are troubling, the research also suggests potential strategies to safeguard user anonymity. As AI technologies continue to advance, our approaches to preserving online privacy must evolve as well.

Q: What are Large Language Models (LLMs)?

A: LLMs are sophisticated AI systems designed to comprehend and produce text that resembles human language by processing extensive datasets.

Q: How does the ESRC framework function?

A: It extracts identity-related signals from unstructured text, searches for relevant matches, evaluates candidates, and adjusts to control false positives.

Q: What are the primary threats identified by the research?

A: The research identifies risks to journalists, dissidents, activists, and workers using pseudonyms, as well as potential misuse in targeted advertising and social engineering initiatives.

Q: How efficient is the LLM pipeline in deanonymising users?

A: The pipeline achieved a recall of 45.1% at a precision of 99% in tests, significantly surpassing previous techniques.

Q: What are the financial considerations of this research?

A: The pipeline can deanonymise users at a cost ranging from $1.41 to $5.64 per target, making it practical for large-scale applications.

Q: What precautions do researchers recommend?

A: Researchers propose implementing rate limits, automated scraping detection, and restrictions on mass data exports to safeguard user anonymity.

How CBA Obtained 90% of Its Customer and Transaction Information

Nicholas Kinports on February 24, 2026

Core Modernization of Commonwealth Bank: Revealing Customer Data

How CBA revealed 90% of its customer and transaction data

Brief Overview

Commonwealth Bank has migrated to an SAP S/4 core, revealing 90% of customer data.
The modernization seeks to improve personalization and enhance behavioral banking.
Infrastructure expenditures decreased by 30% and performance enhanced by 30%.
Real-time data processing now enables advanced AI and machine learning integrations.
Strengthened system resilience and recovery times benefit all AWS users.

Harnessing Data Potential

Commonwealth Bank (CBA) has initiated a major transformation by shifting from an on-premises SAP R/3 core to an SAP S/4 core. This strategic transition, finalized in October of the previous year, has unlocked around 90% of the bank’s customer, account, and transactional data. This change allows CBA to utilize this data for profound personalization and behavioral banking.

Cloud Migration and Performance Enhancement

The shift to SAP S/4 hosted on AWS has resulted in a 30% cut in infrastructure costs and a 30% boost in system performance. This enhancement is particularly observable in quicker balance updates and real-time processing functions, like fraud detection and customer-specific pricing. The cloud environment accommodates millions of daily recalculations, improving customer experiences with customized fees and interest rates.

An Intelligent System

CBA’s evolution aims to transform its core banking system into a system of intelligence. The management of the bank’s data pipelines and analytics, along with AI applications, has become more efficient. Additionally, this transformation has streamlined operational frameworks, dismantling silos and promoting improved teamwork across divisions.

Insights from Real-Time Data

The modernization has diminished barriers to accessing data, enabling CBA to utilize it as a valuable source of customer behavioral insights. With real-time data signals, the bank can support sophisticated AI solutions, channeling data to Amazon SageMaker and Amazon Bedrock for advanced machine learning and generative AI projects.

Improvements in Resilience and Recovery

The core upgrade has also fortified system resilience. CBA has reduced the recovery time objective from 90 minutes to 16 minutes, with additional optimizations achieved through partnerships with SAP, Red Hat, and AWS. These enhancements, including upgrades to AWS EC2, are now accessible to all AWS users.

Conclusion

The core modernization initiative at Commonwealth Bank has unlocked substantial data capabilities, enhancing personalization and behavioral banking. The move to a cloud-based infrastructure has lowered costs while boosting performance, and real-time data insights drive advanced AI applications. Enhanced system resilience benefits both CBA and AWS customers worldwide.

Questions & Answers

Q: What was the main aim of CBA’s core modernization?

A: The main aim was to unlock 90% of customer and transaction data to enable comprehensive personalization and behavioral banking.

Q: How has modernization affected CBA’s infrastructure expenses?

A: The transition to cloud services hosted on AWS led to a 30% decrease in infrastructure expenses.

Q: What performance enhancements have been observed?

A: A 30% enhancement in performance has been recorded, with quicker balance updates and real-time processing capabilities.

Q: In what way does modernization support AI and machine learning?

A: The system now effectively delivers data to platforms such as Amazon SageMaker and Amazon Bedrock, facilitating advanced AI and machine learning applications.