BreachExchange mailing list archives
G20 data email leak: ombudsman asked to investigate 'systemic problem'
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 1 Apr 2015 19:28:36 -0600
http://www.theguardian.com/australia-news/2015/apr/01/g20-data-email-leak-ombudsman-asked-to-investigate-systemic-problem The commonwealth ombudsman has been asked to investigate the immigration department after the personal details of G20 world leaders were accidentally disclosed in an embarrassing data breach. The shadow attorney general, Mark Dreyfus, wrote to the commonwealth ombudsman, Colin Neave, on Wednesday, asking him to examine whether the immigration department was complying with its obligations under the Privacy Act. On Monday Guardian Australia reported that the world leaders attending the G20 summit had their personal details – including passport and visa information – exposed after an employee accidentally sent an email with the data to a member of the Asian Cup local organising committee. Although the privacy commissioner’s office said it had concluded inquiries into the breach after it was notified by the department, Dreyfus said a larger inquiry was needed. Immigration Department data lapse reveals asylum seekers' personal details Read more In a letter to the ombudsman, Dreyfus said: “It is clear that the department has an ongoing, systemic problem in meeting its privacy and data security obligations. An investigation by the ombudsman into the department’s broader conduct is warranted. “This is the second significant data breach within the department under the current government. In February of last year the department inadvertently published online the personal information of nearly 10,000 asylum seekers.” “It is deeply concerning that the department has evidently not improved its practices since that incident.” The department had also recommended the G20 leaders not be notified of the breach, and wrote in a letter to the information commissioner that they considered the breach to be a low risk. Dreyfus said: “It is also deeply worrying that after becoming aware of the G20 data breach, the department chose not to notify the relevant leaders or their governments that their privacy and security had been compromised.” “Clearly, this data breach is a matter of concern to our international counterparts.The White House has now said that it is investigating the issue.” “In light of this incident, I have grave concerns about the ability of the department to competently handle the private information it is entrusted with. The minister has been completely unable to give any satisfactory reassurance.” The department has since banned an email autocomplete function that was blamed for the breach. But the change was made weeks after the November breach occurred.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- G20 data email leak: ombudsman asked to investigate 'systemic problem' Audrey McNeil (Apr 10)