Quick Read

• Adam Cartwright will start as the Chief Information Security Officer (CISO) at Australia Post in August.
• Cartwright formerly occupied top cyber security positions at Asahi Beverages, Commonwealth Bank of Australia (CBA), and ANZ Banking Group.
• Glenn Stuttard leaves after 11 and a half years with Australia Post.
• Stuttard intends to pause for a while before exploring new prospects.

Australia Post has revealed that Adam Cartwright will be stepping in as the new Chief Information Security Officer (CISO) beginning next month. Cartwright takes over from Glenn Stuttard, who is departing the organisation after more than 11 years of service. Stuttard’s exit signifies the conclusion of a notable chapter in Australia Post’s cyber security history.

Adam Cartwright’s Background

Adam Cartwright has a strong background in cyber security management and has joined Australia Post. Before this position, he was the Group General Manager of Cyber Security and Risk at Asahi Beverages. Cartwright has also served in significant roles like Deputy CISO at Commonwealth Bank of Australia (CBA) and Head of Cyber Security at ANZ Banking Group.

A spokesperson for Australia Post stated, “Adam will contribute extensive knowledge to Australia Post from his experience in cyber security across various sectors.”

Glenn Stuttard’s Departure

Glenn Stuttard, after serving Australia Post for 11.5 years, announced his resignation on LinkedIn last week. In his farewell message, Stuttard looked back on his journey with a sense of pride, highlighting the team’s achievements in protecting one of Australia’s most trusted brands. He also stated that he intends to “recharge before seeking new opportunities.”

Transition Period

The transition phase is anticipated to be seamless, with Cartwright taking over to uphold the strong security infrastructure founded during Stuttard’s tenure. Australia Post believes that Cartwright’s substantial experience will improve their cyber security practices even further.

Summary

Australia Post has named Adam Cartwright as the new Chief Information Security Officer, following Glenn Stuttard’s departure after 11.5 years of service. Cartwright’s broad expertise in cyber security within multiple sectors is anticipated to offer a new outlook on Australia Post’s security measures.

Q: Who has been appointed as the new CISO of Australia Post?

Adam Cartwright is set to begin his new role as Chief Information Security Officer at Australia Post next month.

What professional experience does Adam Cartwright have?

Adam Cartwright formerly served as the Group General Manager of Cyber Security and Risk at Asahi Beverages. Additionally, he held the roles of Deputy CISO at the Commonwealth Bank of Australia and Head of Cyber Security at ANZ Banking Group.

Why is Glenn Stuttard departing from Australia Post?

Glenn Stuttard is departing after 11.5 years at Australia Post to take a break and rejuvenate before seeking new opportunities.

How will this new leadership affect Australia Post?

The transition is anticipated to be seamless, as Adam Cartwright brings extensive expertise in cybersecurity to enhance Australia Post’s security framework.

When is Adam Cartwright scheduled to begin his position?

Adam Cartwright will begin his position as Chief Information Security Officer in August.

Quick Read

• AT&T experiences a significant data breach, affecting 109 million customer accounts in the United States.
• The data that has been compromised includes call and text records from the year 2022.
• The FBI and the US Federal Communications Commission are conducting an investigation.
• The security breach came after a ransomware attack on UnitedHealth Group in February.
• AT&T has blocked the route of unauthorized access.

AT&T Data Breach: Current Information and Insights

The American telecommunications behemoth AT&T has disclosed a major data breach affecting the call and text records of approximately 109 million US customer accounts. This breach took place in April when the data was unlawfully extracted from a third-party cloud service.

Extent of the Violation

The breached data encompasses call and text records from May to October 2022 for virtually all AT&T cellular and landline clients. It’s essential to clarify that the content of these calls and texts, as well as personal details like social security numbers, were not part of the compromised information. Additionally, the records involve interactions from AT&T customers of mobile virtual network operators using AT&T’s wireless network.

Ongoing Investigations

The FBI is presently examining the breach, and at least one person has been detained. The US Federal Communications Commission is also conducting an investigation. The FBI and the US Justice Department cooperated with AT&T to handle the incident-response and exchange essential threat intelligence.

Delayed Public Disclosure

The US Justice Department requested a delay in the public announcement of the hack. AT&T discovered the breach on April 19, following claims by a hacker that they had illegally obtained and duplicated AT&T’s call logs from April 14 to April 25.

Previous Data Incidents

This breach is the most recent in a string of major cyber-attacks impacting a large number of Americans. In February, UnitedHealth Group’s Change Healthcare division experienced a ransomware attack that may have compromised the personal information of a third of the US population. Moreover, in March, AT&T looked into a data set that was released on the dark web, seemingly impacting about 7.6 million current account holders and 65.4 million former account holders. This data set appeared to originate from 2019 or earlier.

Potential Consequences and Future Actions

Although AT&T has sealed the breach of unauthorized access and does not think the data is accessible to the public, the company is still collaborating closely with federal investigators to ensure the ongoing security and privacy of its customers’ information.

Summary

The AT&T data breach has impacted about 109 million US customer accounts, revealing call and text records from 2022. The FBI and other federal agencies are currently investigating the incident, and AT&T has secured the breach’s source. This occurrence highlights the increasing necessity for strong cybersecurity measures to protect consumer data.

Q&A

Q: What type of information was affected in the AT&T security breach?

A:

The breached data encompasses records of calls and texts from May to October 2022 for almost all AT&T cellular and landline users. Nevertheless, it excludes the content of calls or texts and personal details such as social security numbers.

Who is currently looking into the AT&T data breach?

A:

The breach is being investigated by both the FBI and the US Federal Communications Commission. At least one person has been arrested in relation to the incident.

When did AT&T become aware of the breach?

A:

AT&T initially discovered the breach on April 19, when a hacker asserted that they had illicitly accessed and duplicated AT&T’s call logs from April 14 to April 25.

Q: Has AT&T implemented any measures to avoid future security breaches?

A:

Indeed, AT&T has addressed the point of unauthorized access and is collaborating closely with federal investigators to improve its cybersecurity protocols and safeguard customer information in the future.

Quick Read

• Australia is set to implement legislation that requires internet companies to block scams.
• Severe penalties for failing to comply could amount to $50 million or higher.
• The ACCC and the treasury are seeking input from multiple industries to develop a code to combat scams.
• Advertisements for cryptocurrency scams that use Andrew Forrest’s name have led to substantial financial losses.
• Meta is facing a lawsuit for not effectively controlling misleading ads.
• The recent legislation seeks to make technology giants responsible, which might lead to clashes with United States laws.

Australia’s New Anti-Fraud Legislation

By the end of the year, Australia intends to implement a pioneering law that will require internet companies to actively prevent the hosting of scams or risk substantial fines. The Australian Competition and Consumer Commission (ACCC), alongside the treasury department, is presently engaging with internet, banking, and telecommunications companies to develop a compulsory and enforceable anti-scam code.

The Importance of This Legislation

This action follows significant financial losses for Australians due to cryptocurrency scam advertisements featuring high-profile individuals such as mining tycoon Andrew Forrest. Forrest has initiated legal proceedings against Facebook’s parent company, Meta, in California, after failing to compel the company to take action within Australia. Government statistics show that Australians’ losses from scams have surged from $900 million in 2020 to $2.7 billion in 2023, reflecting a global trend worsened by the increased online activity driven by the pandemic.

Consultation with Industry and Code Creation

The ACCC and the Treasury seek to create an anti-scam code mandating internet platforms to take reasonable measures to safeguard users. This encompasses providing efficient complaint services. At present, only telecommunications providers in Australia are subject to specific anti-scam regulations.

Possible Disputes with Major Technology Companies

The enactment of this law might provoke another clash between Australia and major tech companies. Historically, internet platforms have depended on U.S. legislation that mostly absolves them from accountability. The ACCC has previously required internet firms to pay media organizations licensing fees for content links, causing Meta to contemplate blocking media content on Facebook in Australia. The new anti-scam legislation could exacerbate these tensions by imposing legal liability on these platforms.

Expected Implementation Timeline

“We anticipate the implementation of these measures throughout this period and by the end of the year,” stated ACCC chair Gina Cass-Gottlieb. The ACCC maintains that clear and enforceable legal requirements are essential. Non-compliance with these new regulations could lead to penalties of up to $50 million, triple the profit obtained from the misconduct, or 30 percent of the revenue at the time the violation took place.

Ongoing Legal Proceedings and Potential Consequences

The ACCC is taking legal action against Meta for not preventing the display of deceptive advertisements that include well-known Australians. Meta has been defending itself since March 2022, and the case remains in the pre-trial phase. Cass-Gottlieb contends that a compulsory code would lessen the reliance on “retroactive” and lengthy court procedures for enforcement.

Meta has chosen not to provide comments regarding the timing of the anti-scam code. However, the company has previously expressed a preference for a voluntary code, arguing that a mandatory code could result in a focus on compliance rather than innovation.

Summary

Australia is poised to implement a groundbreaking anti-scam legislation by year’s end, aimed at holding internet companies responsible for preventing scams. Both the ACCC and the treasury are engaging with different industries to develop a regulatory anti-scam code. This initiative is intended to combat the increasing financial losses due to scams in Australia but might result in additional disputes with major tech companies such as Meta.

What is the main goal of Australia’s new anti-scam legislation?

The main goal is to require internet firms to take preventive measures against hosting scams and to offer efficient complaint services, thereby safeguarding users.

What are the potential fines for businesses that do not comply?

Companies could be subject to penalties amounting to $50 million, triple the advantage obtained from the misconduct, or 30 percent of their revenue at the point of the violation.

Why might there be a possible conflict with U.S. laws?

U.S. regulations generally shield internet platforms from liability for content created by users, whereas Australia’s recent legislation seeks to make these platforms legally responsible.

What has driven this recent legislative proposal?

The rising financial losses resulting from scams during the pandemic, which led to Australians losing $2.7 billion between 2020 and 2023, spurred this legislative action.

Who is in charge of developing the anti-scam code?

The mandatory anti-scam code is being developed under the leadership of the Australian Competition and Consumer Commission (ACCC) and the treasury department.

Q: Which types of scams have been most common in Australia?

Cryptocurrency scam ads featuring high-profile individuals such as Andrew Forrest have been especially common, resulting in considerable financial losses for Australians.

How could this new legislation affect technological innovation?

Certain technology firms, such as Meta, contend that enforcing a compulsory anti-fraud code might compel them to emphasize adherence at the expense of innovation.

Q: When is the law anticipated to take effect?

The ACCC aims to implement the new anti-scam codes by the end of this year.