More articles “The key thing we want to ensure is that all Australians are protected and our data is protected,” she said.
Ms Harkins said that while she was pleased the Federal Government would continue to require banks to hold customer data for 18 months, there was no guarantee that banks would comply.
“If the banks didn’t comply, we would take legal action against them, which we would have to take,” she told ABC Radio.
“And if they didn’t, we could be going to court and we would be able to put a claim against the banks.”
Data breach notification ‘could have been prevented’ with cyber-security improvements in 2015 But cyber-crime groups such as the National Cyber Security Centre (NCSC) and Australian Cyber Crime Unit (ACCU) are not the only ones to complain about the lack of notification.
In July, the NCSC warned the Commonwealth Bank that the bank should implement a “robust” cybersecurity plan in 2016 to prevent cyber-attacks.
The NCSC also said the bank needed to take a comprehensive approach to protecting customers’ information, including using data analytics tools to ensure customers’ accounts and credit card numbers were up-to-date and that banks were using a “safer, smarter approach”.
A spokeswoman for the Commonwealth bank said it was aware of the NCSCC report and was “currently reviewing its recommendations”.
In July the ACCCU issued a report highlighting concerns about the bank’s cybersecurity efforts, which included: A failure to notify customers when an attack was detected and prevented The lack of a system to notify clients if they were contacted by a cyber-criminal The lack, for example, of an automated response to inquiries from customers about bank account data breaches The lack “of an automated way to report cyber-related security breaches”, which could be triggered by customers contacting banks or banks themselves.
“It’s not just the banks, it’s the entire industry that has been hit hard by these types of breaches and they need to be proactive about it,” Ms Harkin said.
She said banks were taking cyber-threats seriously and had increased their cybersecurity practices.
“The more we invest in security, the better we’re going to be able defend ourselves and the less money we lose, the less damage we do,” she added.