Aussie Government Exposed Personal Info Via Security Report

Written by

The Australian home affairs department has been left red faced after accidentally leaking the personal information of participants in a government cybersecurity report, it has emerged.

The Guardian Australia revealed yesterday that around 50 business owners and employees got more than they bargained for when they took part in the Understanding Small Business and Cyber Security study.

Their names, business names, phone numbers and emails were erroneously published on the parliament website in response to a question from shadow cybersecurity and home affairs minister, James Paterson, it was revealed.

Read more on Australian data breaches: Optus Hit by Cyber-Attack, Breach Affects Nearly 10 Million Customers

A spokesperson for home affairs told the paper that it “is aware of a potentially unintentional data release,” and that it was “considering” contacting the impacted individuals as per its obligations under the Privacy Act.

The report itself was apparently developed as part of Australia’s government-backed Cyber Wardens program, which is designed to improve cybersecurity awareness and capability among small businesses.

The multimillion-dollar initiative was launched in the wake of several damaging breaches at big-name firms, including Optus and Medibank.

Paterson was quick to blame the government for the data leak.

“It’s deeply ironic this breach of personally identifiable information occurred in an answer to a question about improving cybersecurity for small businesses and from a department whose minister publicly attacked Optus when they had similar data stolen by a criminal gang,” he reportedly said.

“As bad as Optus, Medibank and other recent data breaches have been, a loss of data on that scale by a government department or agency could be even worse given the sensitivity of the material involved.”

What’s hot on Infosecurity Magazine?