Australia was recently hit by a huge data breach when a misconfiguration of a cloud storage system reportedly compromised some 50,000 employee records.
This is thought to be the second largest data breach in Australian history.
A number of employee records were compromised for several government departments, including 3,000 from the Department of Finance; 1,470 from the Australian Electoral Commission; and 300 from the National Disability Insurance Agency.
The following companies were reportedly affected:
- 25,000 from AMP Limited: a major Australian financial services company
- 17,000 from UGL: a utilities and construction company
- 1,500 from Rabobank
A third party contractor was apparently configuring an Amazon three bucket – a common form of cloud storage for masses of data – when they made the error of leaving the records openly accessible.
The type of information compromised may also be a cause for great concern, as it comprised of:
- Full names
- Phone numbers
- Email addresses
- Credit card numbers
- ID’s
- Passwords
- Staff salaries
- Staff expenses
This type of information could leave victims open to fraud. Confidential information like this should only be accessed and used by appropriate persons, and should not be placed on the internet for anyone to see and misuse.
Polish researcher, Wojiech, reportedly discovered the breach, but noted that most of the credit card numbers were already cancelled or out-of-date. However, cyber criminals could still use this information to cause damage.
Australia’s Prime Minister and Cabinet members said they were first made aware of the breach in early October 2017, and the Australian Cyber Security Centre were informed and instructed to, “secure the information and remove the vulnerability”.
In early November, the Victorian Electoral Commission admitted that they had accidentally published personal data belonging to 21,000 Melbourne residents and 28 silent electors online. The information was gathered for a local council election over ten years ago in 2005, but was accidentally uploaded by the Proportional Representation Society of Australia.
The information was easily found through a search engine.