Medibank, Optus hacks: QLD Premier Annastacia Palaszczuk two-factor authentication driver’s licences

[ad_1]

Is it any wonder Australia keeps getting hacked? Annastacia Palaszczuk hammered over new ‘two factor authentication’ driver’s licence plan after Optus and Medibank catastrophes

  • A two-factor verification system was introduced for Queensland driver licences 
  • Premier Anastacia Palaszcazuk announced the cybersecurity measure Thursday 
  • Thousands of Australians have been replacing licences after Optus data breach 
  • Many people pointed out the safety measure wasn’t proper two-factor security 

Australians have ruthlessly mocked Annastacia Palaszczuk after she proudly unveiled a new cybersecurity feature for driver’s licenses following the Optus and Medibank hacks. 

The Premier tweeted on Thursday that Queensland driver’s licenses would have a ‘two-factor verification system effective from today’.

‘You will now need to provide the unique card number found on your driver’s licence, along with your licence number, for identification purposes for banks, telcos and utility providers,’ she said.

The feature is in response to 10 million Optus customers having their personal information compromised in the biggest cyber hack in the nation’s history, exposing one in three Australians to potential financial fraud.

See also  Marion Cotillard looks incredible on the red carpet at Asterix and Obelix premiere in France

This week a similar breach was reported by private health insurer Medibank. The scandals have forced thousands of Australians to replace their driver’s licenses.

Medibank, Optus hacks: QLD Premier Annastacia Palaszczuk two-factor authentication driver’s licences

The new security measure for Queensland driver’s licences will be in effect from Thursday

The Queensland premier announced the new cybersecurity measure on Twitter

The Queensland premier announced the new cybersecurity measure on Twitter

But users quickly pointed out the very loose form of 'two factor verification'

But users quickly pointed out the very loose form of ‘two factor verification’

The new secondary numbers on Queensland cards means that if there is another breach a new card can be issued without needing to get a new licence number.

While the effort might cut down on bureaucratic red tape it’s not true two-factor authentication as many Twitter users quickly pointed out.

Proper two-factor verification uses a different identification method – such as a unique code sent via text or an app – and not two different numbers on the same card.

Best practice would be a one-off digital key such as a pin number or QR code that only works once and is impossible to replicate or steal. 

Also, not all hacks resemble the Optus and Medibank breaches with their very public ransom demands. Some breaches are covert and customers remain unaware they need to change cards.

With telcos, banks, and utility companies holding both numbers there’s nothing stopping hackers using stolen licences for fraud. 

Other states and territories will likely follow Ms Palaczszuk's (pictured) lead

Other states and territories will likely follow Ms Palaczszuk’s (pictured) lead

Twitter users were quick to criticise the security measure as falling short

Twitter users were quick to criticise the security measure as falling short

‘Providing two different numbers from the same ID card does not qualify as a two-factor verification system,’ one person said.

See also  Pub barons Arthur Laundy, Justin Hemmes and Solomon family in hospitality war

‘The two numbers should not be together for security reasons, putting them on the same card fails the purpose of 2FA,’ another wrote.

‘Incredible the Queensland government/premier needed a lesson in two-factor authentication from Twitter,’ a third posted.

‘The other factor is also usually provided over a separate comms link. Who gives her this rubbish advice?’ a fourth added.

Some said the advice provided to government could have been better

Some said the advice provided to government could have been better

Private health insurer Medibank was the victim of a cyberattack and the hacking group has made demands

Private health insurer Medibank was the victim of a cyberattack and the hacking group has made demands 

Medibank hackers who stole sensitive personal data and medical information demanded $US1 for each of Medibank’s 9.7 million customers and threatened to release the info on the dark web if the amount wasn’t paid.

The insurer refused and the clandestine group believed to be Russian, released the first batch of customer data on Wednesday morning.

This included names, birthdates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank’s ahm customers and passport numbers for international student clients.

Operation Guardian by the AFP setup after the Optus hack is being expanded to include the Medibank breach. 

TIPS FOR OPTUS AND MEDIBANK CUSTOMERS

* Be alert for any phone, email or postal phishing scams.

* Verify any communications you receive to make sure they are real.

* Don’t open text messages from unknown or suspicious numbers.

* Change passwords regularly, ensure they are classed as ‘strong”, don’t re-use old passwords, and activate two-factor authentication where possible.

* Immediately report any contact from someone claiming to have your data to ReportCyber, and report any scams to Scamwatch.

See also  Stephanie Beacham, 75, calls Coronation Street her favourite job of her 60 year career 

* Remember Medibank would never actually contact customers asking for sensitive information, including passwords.

Advertisement

[ad_2]

Source link