RR Phantom
Location : Wasted Space Job/hobbies : Cayman Islands Actuary
| Subject: Idiot: OZschwitz government contractor paid $1m for e-security loses 8000 subscribers' personal information Tue Jul 10, 2012 12:26 am | |
| A federal government contractor that was paid more than $1 million to deliver e-security alert services to Australians has lost 8000 subscribers' personal information in the postal system.
AusCERT, which was paid $1,199,484.52 by the federal government to run staysmartonline.gov.au between April 29 2008 and April 29 2012*, lost subscribers' data after using Australia Post to send it on a DVD to the Department of Broadband, Communications and the Digital Economy (DBCDE) on April 11 when its contract to run the alerts service expired.
In an email to the site's 8000 subscribers sent at about 6pm on Friday, the "Stay Smart Online Team" said information that had "gone missing" on the DVD included subscribers' user names, email addresses, memorable phrases and passwords. It said passwords were "unreadable" (stored as a cryptographic hash).
The DBCDE claimed it had "no reason to believe" that subscribers' information had "been found and misused by any third party" and therefore did not believe that there was "a privacy risk". Advertisement
But it did not provide any evidence to support this claim, and suggested subscribers "consider" whether they should change their "user name, memorable phrase and/or password for other websites or services".
The DBCDE said in a statement that AusCERT was responsible for the security of the subscriber data.
Neither the DBCDE or AusCERT has said whether registered post was used to deliver the data via Australia Post's "express post service" or why the data was not sent electronically. AusCERT refused to comment, saying media enquiries were being handled by the DBCDE.
Australia Post, however, said the disc containing subscriber's personal information sent by AusCERT to the DBCDE was not posted using registered post, which it recommended using for sending sensitive information.
Read more: http://www.smh.com.au/digital-life/consumer-security/most-embarrassing-blunder-government-contractor-paid-1m-for-esecurity-alerts-service-loses-8000-subscribers-personal-information-20120709-21q86.html#ixzz20BsQl28x
|
|