Category: Australia Tech News

Quick Read

• IAG has been a year into the implementation of a data mesh architecture.
• The organization is utilizing Google Cloud and Confluent solutions.
• The utilization of real-time data streaming is expanding within IAG.
• Google Cloud Platform (GCP) serves as the cornerstone of IAG’s strategic data platform.
• Confluent Cloud enables internal use cases for real-time streaming.

IAG’s Path to Implementing a Data Mesh

IAG is one year into adopting a data mesh architecture to further enhance the importance of data in its group operations and transformation initiatives. Burak Hoban, the executive manager of data platforms – data and risk, provided insights during the Confluent Data in Motion Tour 2024 event in Melbourne, expressing that IAG seeks to strike a balance in its data mesh journey.

Burak Hoban from IAG (left) with Rhett Pearson from Confluent (right) on-stage in Melbourne.

“We’ve already put that into practice, and we’re a year into the process,” Hoban mentioned. “My responsibility is to help expedite it.” Two key components of IAG’s data mesh include its strategic data and analytics platform, which utilizes Google Cloud services like BigQuery, alongside Confluent Cloud and connectors.”

Fundamental Tenets of Data Mesh

Data meshes are constructed based on several fundamental principles. These encompass treating data as a product, integrating data into a central repository while maintaining ownership and curation by “the domain team most acquainted” with the dataset, enabling self-service data access, and implementing universal standards for all data in use. Hoban noted that IAG had invested several years in establishing the essential components for a data mesh.

The use of real-time data is increasing.

IAG is beginning to identify more use cases for real-time streaming data throughout the organization. Hoban mentioned that the potential of real-time streaming and business eventing was acknowledged as early as 2017-18. Although some use cases did eventually surface, Hoban admitted that they were “slightly ahead of their time” overall.

Initial streaming implementations were internally constructed and overseen using Apache Kafka. However, as usage escalated, the insurer transitioned to a managed Kafka service via Confluent Cloud. This shift enabled Hoban and his team to collaborate more effectively with internal development and engineering teams, thereby boosting Kafka adoption.

“Kafka is beginning to take on a crucial role in our strategic platforms for the future,” Hoban remarked. He also hinted at a greater utilization of pre-built connectors provided by Confluent to access and stream data from different source systems.

Fully Committed to Google Cloud Platform (GCP)

At a Google Cloud Summit in Sydney in May, IAG’s Executive General Manager of Data, Risk, and Resilience, David Abrahams, shared additional insights about the insurer’s data platform built on GCP. Previously, the insurer had only mentioned its use of GCP in passing and had not discussed its architecture or decision-making process in detail.

“We possess a substantial amount of data that is crucial to our operations; however, due to our legacy systems, this data has become fairly fragmented and isolated,” Abrahams stated. IAG established Google Cloud as the cornerstone of its “strategic data and analytics platform.” This platform now utilizes Google Data Platform for advanced analytics, employing Vertex AI and machine learning on BigQuery.

The outcomes from this platform encompass the capability to craft more personalized experiences for customers and enable business teams to independently launch new models into production without requiring extra technical assistance.

Summary

IAG’s adoption of a data mesh architecture demonstrates its dedication to updating its data operations. Utilizing technology from Google Cloud and Confluent, IAG has established a framework that enables real-time streaming applications and self-service data access. This method improves customer experiences and grants internal teams increased independence in their data processes.

Q&A

A: Could you explain what a data mesh is?

A:

A data mesh is a design strategy that decentralizes data governance by considering data as a product. This allows domain-specific teams to manage and refine their datasets while following common guidelines.

Why did IAG opt for Google Cloud Platform?

A:

IAG selected Google Cloud Platform for its ability to provide a scalable and high-performance solution that could effectively handle its extensive, fragmented, and isolated data. This choice facilitates enhanced analytics and machine learning functionalities.

What function does Confluent Kafka serve in IAG’s strategic plan?

A:

Confluent Kafka enables IAG’s real-time streaming applications. It assists in synchronizing data across business tools, supports customer and policy migration processes, manages payment notifications, and helps develop real-time data products.

How has utilizing a managed Kafka model proven advantageous for IAG?

A:

By utilizing the managed Kafka model via Confluent Cloud, IAG has been able to free up its internal resources. This shift has enabled the team to concentrate on development and engineering activities, thereby increasing Kafka adoption throughout the organization.

Q: What are the advantages of IAG’s strategic data platform?

A:

IAG’s strategic data platform enhances customer experiences through greater personalization, allows business teams to independently deploy new models, and facilitates advanced analytics using Vertex AI and machine learning on BigQuery.

Q: What effect does real-time streaming have on IAG’s operations?

A:

Real-time streaming enables IAG to manage essential functions like generating pricing quotes or issuing policies effectively. Any downtime or problems with Kafka can severely affect these activities, underscoring its crucial importance.

Quick Read

• Adam Cartwright will start as the Chief Information Security Officer (CISO) at Australia Post in August.
• Cartwright formerly occupied top cyber security positions at Asahi Beverages, Commonwealth Bank of Australia (CBA), and ANZ Banking Group.
• Glenn Stuttard leaves after 11 and a half years with Australia Post.
• Stuttard intends to pause for a while before exploring new prospects.

Australia Post has revealed that Adam Cartwright will be stepping in as the new Chief Information Security Officer (CISO) beginning next month. Cartwright takes over from Glenn Stuttard, who is departing the organisation after more than 11 years of service. Stuttard’s exit signifies the conclusion of a notable chapter in Australia Post’s cyber security history.

Adam Cartwright’s Background

Adam Cartwright has a strong background in cyber security management and has joined Australia Post. Before this position, he was the Group General Manager of Cyber Security and Risk at Asahi Beverages. Cartwright has also served in significant roles like Deputy CISO at Commonwealth Bank of Australia (CBA) and Head of Cyber Security at ANZ Banking Group.

A spokesperson for Australia Post stated, “Adam will contribute extensive knowledge to Australia Post from his experience in cyber security across various sectors.”

Glenn Stuttard’s Departure

Glenn Stuttard, after serving Australia Post for 11.5 years, announced his resignation on LinkedIn last week. In his farewell message, Stuttard looked back on his journey with a sense of pride, highlighting the team’s achievements in protecting one of Australia’s most trusted brands. He also stated that he intends to “recharge before seeking new opportunities.”

Transition Period

The transition phase is anticipated to be seamless, with Cartwright taking over to uphold the strong security infrastructure founded during Stuttard’s tenure. Australia Post believes that Cartwright’s substantial experience will improve their cyber security practices even further.

Summary

Australia Post has named Adam Cartwright as the new Chief Information Security Officer, following Glenn Stuttard’s departure after 11.5 years of service. Cartwright’s broad expertise in cyber security within multiple sectors is anticipated to offer a new outlook on Australia Post’s security measures.

Q: Who has been appointed as the new CISO of Australia Post?

Adam Cartwright is set to begin his new role as Chief Information Security Officer at Australia Post next month.

What professional experience does Adam Cartwright have?

Adam Cartwright formerly served as the Group General Manager of Cyber Security and Risk at Asahi Beverages. Additionally, he held the roles of Deputy CISO at the Commonwealth Bank of Australia and Head of Cyber Security at ANZ Banking Group.

Why is Glenn Stuttard departing from Australia Post?

Glenn Stuttard is departing after 11.5 years at Australia Post to take a break and rejuvenate before seeking new opportunities.

How will this new leadership affect Australia Post?

The transition is anticipated to be seamless, as Adam Cartwright brings extensive expertise in cybersecurity to enhance Australia Post’s security framework.

When is Adam Cartwright scheduled to begin his position?

Adam Cartwright will begin his position as Chief Information Security Officer in August.

Quick Read

• AT&T experiences a significant data breach, affecting 109 million customer accounts in the United States.
• The data that has been compromised includes call and text records from the year 2022.
• The FBI and the US Federal Communications Commission are conducting an investigation.
• The security breach came after a ransomware attack on UnitedHealth Group in February.
• AT&T has blocked the route of unauthorized access.

AT&T Data Breach: Current Information and Insights

The American telecommunications behemoth AT&T has disclosed a major data breach affecting the call and text records of approximately 109 million US customer accounts. This breach took place in April when the data was unlawfully extracted from a third-party cloud service.

Extent of the Violation

The breached data encompasses call and text records from May to October 2022 for virtually all AT&T cellular and landline clients. It’s essential to clarify that the content of these calls and texts, as well as personal details like social security numbers, were not part of the compromised information. Additionally, the records involve interactions from AT&T customers of mobile virtual network operators using AT&T’s wireless network.

Ongoing Investigations

The FBI is presently examining the breach, and at least one person has been detained. The US Federal Communications Commission is also conducting an investigation. The FBI and the US Justice Department cooperated with AT&T to handle the incident-response and exchange essential threat intelligence.

Delayed Public Disclosure

The US Justice Department requested a delay in the public announcement of the hack. AT&T discovered the breach on April 19, following claims by a hacker that they had illegally obtained and duplicated AT&T’s call logs from April 14 to April 25.

Previous Data Incidents

This breach is the most recent in a string of major cyber-attacks impacting a large number of Americans. In February, UnitedHealth Group’s Change Healthcare division experienced a ransomware attack that may have compromised the personal information of a third of the US population. Moreover, in March, AT&T looked into a data set that was released on the dark web, seemingly impacting about 7.6 million current account holders and 65.4 million former account holders. This data set appeared to originate from 2019 or earlier.

Potential Consequences and Future Actions

Although AT&T has sealed the breach of unauthorized access and does not think the data is accessible to the public, the company is still collaborating closely with federal investigators to ensure the ongoing security and privacy of its customers’ information.

Summary

The AT&T data breach has impacted about 109 million US customer accounts, revealing call and text records from 2022. The FBI and other federal agencies are currently investigating the incident, and AT&T has secured the breach’s source. This occurrence highlights the increasing necessity for strong cybersecurity measures to protect consumer data.

Q&A

Q: What type of information was affected in the AT&T security breach?

A:

The breached data encompasses records of calls and texts from May to October 2022 for almost all AT&T cellular and landline users. Nevertheless, it excludes the content of calls or texts and personal details such as social security numbers.

Who is currently looking into the AT&T data breach?

A:

The breach is being investigated by both the FBI and the US Federal Communications Commission. At least one person has been arrested in relation to the incident.

When did AT&T become aware of the breach?

A:

AT&T initially discovered the breach on April 19, when a hacker asserted that they had illicitly accessed and duplicated AT&T’s call logs from April 14 to April 25.

Q: Has AT&T implemented any measures to avoid future security breaches?

A:

Indeed, AT&T has addressed the point of unauthorized access and is collaborating closely with federal investigators to improve its cybersecurity protocols and safeguard customer information in the future.

Quick Read

• Australia is set to implement legislation that requires internet companies to block scams.
• Severe penalties for failing to comply could amount to $50 million or higher.
• The ACCC and the treasury are seeking input from multiple industries to develop a code to combat scams.
• Advertisements for cryptocurrency scams that use Andrew Forrest’s name have led to substantial financial losses.
• Meta is facing a lawsuit for not effectively controlling misleading ads.
• The recent legislation seeks to make technology giants responsible, which might lead to clashes with United States laws.

Australia’s New Anti-Fraud Legislation

By the end of the year, Australia intends to implement a pioneering law that will require internet companies to actively prevent the hosting of scams or risk substantial fines. The Australian Competition and Consumer Commission (ACCC), alongside the treasury department, is presently engaging with internet, banking, and telecommunications companies to develop a compulsory and enforceable anti-scam code.

The Importance of This Legislation

This action follows significant financial losses for Australians due to cryptocurrency scam advertisements featuring high-profile individuals such as mining tycoon Andrew Forrest. Forrest has initiated legal proceedings against Facebook’s parent company, Meta, in California, after failing to compel the company to take action within Australia. Government statistics show that Australians’ losses from scams have surged from $900 million in 2020 to $2.7 billion in 2023, reflecting a global trend worsened by the increased online activity driven by the pandemic.

Consultation with Industry and Code Creation

The ACCC and the Treasury seek to create an anti-scam code mandating internet platforms to take reasonable measures to safeguard users. This encompasses providing efficient complaint services. At present, only telecommunications providers in Australia are subject to specific anti-scam regulations.

Possible Disputes with Major Technology Companies

The enactment of this law might provoke another clash between Australia and major tech companies. Historically, internet platforms have depended on U.S. legislation that mostly absolves them from accountability. The ACCC has previously required internet firms to pay media organizations licensing fees for content links, causing Meta to contemplate blocking media content on Facebook in Australia. The new anti-scam legislation could exacerbate these tensions by imposing legal liability on these platforms.

Expected Implementation Timeline

“We anticipate the implementation of these measures throughout this period and by the end of the year,” stated ACCC chair Gina Cass-Gottlieb. The ACCC maintains that clear and enforceable legal requirements are essential. Non-compliance with these new regulations could lead to penalties of up to $50 million, triple the profit obtained from the misconduct, or 30 percent of the revenue at the time the violation took place.

Ongoing Legal Proceedings and Potential Consequences

The ACCC is taking legal action against Meta for not preventing the display of deceptive advertisements that include well-known Australians. Meta has been defending itself since March 2022, and the case remains in the pre-trial phase. Cass-Gottlieb contends that a compulsory code would lessen the reliance on “retroactive” and lengthy court procedures for enforcement.

Meta has chosen not to provide comments regarding the timing of the anti-scam code. However, the company has previously expressed a preference for a voluntary code, arguing that a mandatory code could result in a focus on compliance rather than innovation.

Summary

Australia is poised to implement a groundbreaking anti-scam legislation by year’s end, aimed at holding internet companies responsible for preventing scams. Both the ACCC and the treasury are engaging with different industries to develop a regulatory anti-scam code. This initiative is intended to combat the increasing financial losses due to scams in Australia but might result in additional disputes with major tech companies such as Meta.

What is the main goal of Australia’s new anti-scam legislation?

The main goal is to require internet firms to take preventive measures against hosting scams and to offer efficient complaint services, thereby safeguarding users.

What are the potential fines for businesses that do not comply?

Companies could be subject to penalties amounting to $50 million, triple the advantage obtained from the misconduct, or 30 percent of their revenue at the point of the violation.

Why might there be a possible conflict with U.S. laws?

U.S. regulations generally shield internet platforms from liability for content created by users, whereas Australia’s recent legislation seeks to make these platforms legally responsible.

What has driven this recent legislative proposal?

The rising financial losses resulting from scams during the pandemic, which led to Australians losing $2.7 billion between 2020 and 2023, spurred this legislative action.

Who is in charge of developing the anti-scam code?

The mandatory anti-scam code is being developed under the leadership of the Australian Competition and Consumer Commission (ACCC) and the treasury department.

Q: Which types of scams have been most common in Australia?

Cryptocurrency scam ads featuring high-profile individuals such as Andrew Forrest have been especially common, resulting in considerable financial losses for Australians.

How could this new legislation affect technological innovation?

Certain technology firms, such as Meta, contend that enforcing a compulsory anti-fraud code might compel them to emphasize adherence at the expense of innovation.

Q: When is the law anticipated to take effect?

The ACCC aims to implement the new anti-scam codes by the end of this year.

Quick Read

• An Australian Army IT technician and her partner have been accused of crimes related to espionage.
• The duo is charged with transmitting sensitive Defense information to a personal email account.
• The Australian Federal Police claim that they planned to provide the information to Russian officials.
• Officials have announced that there is no current danger stemming from the incident.
• The charges might increase if a direct connection to a foreign principal is proven.

Incident Overview

An information systems technician in the Australian Army and her partner have been accused of an espionage-related crime for allegedly sending sensitive Defense information from the woman’s account to a private email. The Australian Federal Police (AFP) indicated that the duo, who are Russian-born Australian citizens, planned to provide this information to Russian officials.

Citizenship Details

The woman became an Australian citizen in 2016, followed by her husband in 2020. This detail underscores their relatively recent incorporation into Australian society prior to the suspected espionage incidents.

Allegations

The AFP claims that the duo collaborated to acquire sensitive Defence information while the soldier was on extended leave. During this time, it is reported that she made undisclosed trips to Russia, both with and without her partner. Allegedly, while the man stayed in Australia, the woman directed him to log into her official work account and retrieve specific information, which he then sent to her private email account while she was in Russia.

Security Concerns

The Federal Police claim that the accessed sensitive information pertained to Australia’s national security interests. Despite the seriousness of these claims, officials have reassured the public that there is no current threat from this incident and that no major compromise has been detected at this time.

Potential Increase in Charges

The Federal Police have indicated that the charges against the duo could be upgraded from “preparing for an espionage offence” to espionage if a direct evidential connection to a foreign principal is established in the future. This potential escalation highlights the seriousness of the situation and the ongoing nature of the investigation.

Investigation Details

AFP commissioner Reece Kershaw praised the counter foreign interference taskforce (CFITF) for their “exceptional determination and skill” in probing the alleged actions of the duo. The CFITF comprises the AFP, ASIO, and other Commonwealth partners, underscoring the joint effort required to tackle this security violation.

ASIO Statement

ASIO director-general Mike Burgess highlighted that this situation exemplifies the efforts of numerous countries to pilfer Australia’s secrets. He remarked, “Espionage is not just an outdated cold war concept. It harms our economy and undermines our strategic edge. It can lead to devastating real-world outcomes.”

Summary

This incident strongly emphasizes the persistent dangers associated with espionage. The purported activities of an Australian Army IT specialist and her companion reveal weaknesses in Defence systems and stress the need for rigorous security protocols. The concerted work of multiple Australian security agencies has played a crucial role in detecting and addressing this risk, ensuring that no major breach has taken place to date.

What accusations were made against the pair?

A:

The duo faced charges for an espionage-related offense, accused of allegedly transmitting sensitive Defense information accessed through the woman’s account to a private email with the intention of sharing it with Russian authorities.

Q: By what means did they purportedly acquire the confidential data?

A:

The AFP claims that while the woman was on extended leave and visiting Russia, she guided her partner on how to access her official work account and retrieve certain information to be sent directly to her personal email account.

Is there any current threat stemming from this incident?

A:

Authorities have confirmed that there is no current threat from this incident and no major compromise has been detected at this time.

Is it possible for the charges against them to increase?

A:

Indeed, charges may escalate from “preparing for an espionage offense” to espionage if conclusive evidence linking to a foreign principal is discovered later on.

What organizations took part in examining this case?

A:

The counter foreign interference taskforce (CFITF), comprising the AFP, ASIO, and various other Commonwealth collaborators, carried out the investigation.

What remarks did the director-general of ASIO, Mike Burgess, make regarding this case?

A:

Mike Burgess highlighted that various nations are attempting to steal Australian secrets, resulting in harm to the economy and a reduction in strategic benefits. He stressed that espionage can lead to severe real-world repercussions.