Credit card details, salary information published by government contractor

  • 03/11/2017
Credit card details, salary information published by government contractor
From: Audrey McNeil

Date: Thu, 2 Nov 2017 18:11:08 -0600

http://www.abc.net.au/news/2017-11-02/major-government-data-breach-prompts- investigation/9112246 The personal details of up to 50,000 Australians including some credit card numbers and salaries have been mistakenly posted online by a contractor, in one of the biggest data breaches to date. The information, including full names, emails, expenses and payment details, was publicly available online until early October. The breach, first reported by ItNews, was discovered by a Polish security researcher who searched for data that should have been protected online. Close to 25,000 credit card transactions of staff at insurer AMP were disclosed by the contractor, which has not yet been named. The Finance Department, the Australian Electoral Commission and the National Disability Insurance Agency have also been compromised. An AMP spokesman confirmed a, "limited amount of company data related to internal staff expenses was inadvertently stored in a publicly available cloud service". "The mistake was quickly corrected once identified and the matter was investigated to ensure all data had been removed," the spokesman told the ABC. "No customer data was compromised at any time [and] we are reviewing the situation to ensure standards are maintained." Dutch multinational Rabobank confirmed some of its employee data was breached and that an investigation had been launched. A spokeswoman for the bank said no client information or staff salaries and credit cards were disclosed. A spokesman from the Department of Prime Minister and Cabinet said the breach did not include national security data or classified material. "The data exposed was historical, archived and partially anonymised data," the spokesman said. "It contained limited personally identifiable information of government employees such as work email addresses, and in some cases Australian Government Service numbers and corporate credit card details. "The departments involved have been notifying affected staff and working to give them appropriate support." The Government agencies have been working with the Australian Cyber Security Centre and the Information Commissioner to "develop an appropriate response to the breach". The Federal Government has been increasingly outsourcing its IT projects to contactors who are winning close to $10 billion in contracts each year. The spiralling costs up from $5.9 billion in 2012-13 have not always resulted in better outcomes for the public and there are concerns about data being properly managed. This breach comes a year after the personal data of 550,000 blood donors, that included information about "at-risk" sexual behaviours, was leaked from the Red Cross Service. Just last month, a Government contractor lost a 1,000 page manual on future security arrangements at Parliament House. 'This is a serious breach' The Australian Cyber Security Centre and the Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, have been contacted for comment. Labor's digital economy spokesman, Ed Husic, said the Government should have reported the breach before it was exposed by the media on Thursday. "The Government cannot claim that it is not to blame for the actions of a contractor. Ultimately the buck stops somewhere," he told the ABC. "This is some really sensitive data that has been obtained from passwords to credit card details, 50,000 Australians across Government and banks. "This is a serious breach and the Government should treat it seriously." _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
  
Or use your account on Blog

Error message here!

Hide Error message here!

Forgot your password?

Or register your new account on Blog

Error message here!

Error message here!

Hide Error message here!

Lost your password? Please enter your email address. You will receive a link to create a new password.

Error message here!

Back to log-in

Close