The last few weeks have seen a spate of high-profile cyber security attacks hit various parts of the Australian retail industry. On September 24th, telco giant Optus started reaching out to ‘up to 10 million’ Australians to warn them of a data breach of their servers, with an unknown entity breaking into the business’s database, which holds the home addresses, driver’s licences and passport numbers of around 40 per cent of the population. Optus’ CEO Kelly Bayer Rosmarin said that no passwords or financial details were compromised.
Two weeks later, Telstra was hit by a similar attack, which exposed the names and email addresses of its employees dating back to 2017. A Telstra spokesperson didn’t clarify how many staff were affected.
And by the end of the week, Woolworths’ online platform MyDeal confirmed that 2.2 million customers’ data had been accessed. For many customers, their names, email addresses, phone numbers, delivery addresses, and dates of birth were all stolen, though 1.2 million customers only had their email addresses accessed.
While the companies have all been very apologetic, the type of data that has been accessed lends itself to activities such as identity fraud and blackmail, which, at this scale, could be attractive to nation states or crime syndicates, according to Dr Dennis Desmond, lecturer of cybersecurity at the University of the Sunshine Coast.
“These attacks are incredibly unfortunate. No business is 100 per cent safe and secure, but I do believe that organisations that hold onto personal and sensitive data should be held to a higher standard,” Dr. Desmond told Inside Retail.
“There’s a whole other question about whether they should be holding such personal data, but if they should, then they need to be held to account by the government, and management needs to be held accountable for any loss or compromise in that data.
“The United States has been going through this for decades, and it’s frustrating and makes you angry that … no matter what the individual does, if a business is holding their data, they can do everything right and still be a victim.”
There are many ways consumers can make themselves less impacted by potential breaches, such as using burner phones or fake email addresses when signing up for businesses’ services, but these behaviours put the onus of data protection back on the customer, rather than the businesses that collect and hold their data.
According to Dr. Desmond, the recent breaches, and the relative silence about next steps from Optus, Telstra and MyDeal, show that the government needs to put more robust data protection legislation in place to safeguard Australians’ data, and provide penalties for businesses that fail to keep their customers’ data safe.
In some cases, however, customers don’t have much of a choice.
“The problem is that for most people, sharing data is a pay-to-play system,” Dr. Desmond said.
“You give up your data in exchange for products and services, and if you don’t give up your data, they don’t have to serve you. People have been left frustrated and conflicted, and I think they’ll be more guarded moving forward – but I also think that, in some respects, people don’t have a choice in whether they share their data or not.
“There’s got to be some real punitive damages to the organisations moving forward. More than just ‘you’re fired, but here’s your golden parachute’.”
Is it worth the risk?
Jason Pallant, senior lecturer at Swinburne University, agrees that consumers have been getting more cautious with their data, which will impact retailers’ ability to personalise their marketing to each customer.
“What I think it comes down to is transparency around what data is being stored, why it’s being stored, how it’s being used, and how it’s being secured – but also, what value it’s bringing to the customer,” Pallant told Inside Retail.
“I expect people to opt out of data sharing moving forward unless businesses can clearly explain what customers are getting out of the trade.”
Collecting and using data is not inherently bad, Pallant explained, but it has to be done with a level of respect for the customer.
“Look at Spotify: everyone loves their Wrap lists at the end of the year. There’s a clear benefit to the trade of them knowing what you’ve listened to all year,” Pallant said.
“However, we don’t love businesses holding onto our passport number for years, and getting nothing from it. People’s identity is one of the most valued things in our society, so when that is breached, it’s catastrophic.”