Data Breach Hits Australia's Department of Social Services Credit Card System

Paul Karp, reporting for The Guardian: The Department of Social Services has written to 8,500 current and former employees warning them their personal data held by a contractor has been breached. In letters sent in early November the department alerted the employees to "a data compromise relating to staff profiles within the department's credit card management system prior to 2016." Compromised data includes credit card information, employees' names, user names, work phone numbers, work emails, system passwords, Australian government services number, public service classification and organisation unit. The department failed to warn staff how long the data was exposed for but a DSS spokesman told Guardian Australia that the contractor, Business Information Services, had advised that the data was open from June 2016 until October 2017. The data related to the period 2004 to 2015.

Re:

[Hognoxious]

This here's Straaaaylia, mate. No bloomin gays here: it's rule number one [youtube.com].

Re:

[Pseudonym]

You're not Strayan, mate. This is the real one. [youtube.com]

Re:

[Desler]

Fosters. Australian for beer!

Re:

[Ze Wah]

Fosters. Australian for beer!

Not in Australia it isn't! No One Drinks Fosters Over here.
We export our crap beer so we don't have to drink it!

Re:

[mjwx]

Fosters. Australian for beer!

No-one in Australia drinks that swill, it's strictly for non-Australian markets because nothing is too bad for the rest of the world.

Terrible contractor.

[Anonymous Coward]

They stored "system passwords" in such a way that a data breach would reveal them?
For 16 months all information needed to impersonate various government officials was "open"?

I wonder if there will be actual negative consequences for them from this.

Re:

[Ze Wah]

Just another troll. I would mod down but have already commented.
Typical, they are posting as an Anonymous Coward.

Re:

[_merlin]

None of the Australian government IT incompetence surprises me. I know a lot of the people who work on these systems, and they're the kind of people who wouldn't get hired anywhere else. Don't get me wrong, a lot of them are really nice guys/gals and I'd have a beer with them any day of the week, they're just terrible developers. A lot of them were pushed by their parents to study computer science on the tail end of the dotcom bubble. Well-meaning parents thought they'd be setting up their kids for a saf

Re:

[Pseudonym]

I worked in IT in the federal public service for about six months. It was one of the most soul-sucking experiences of my life. Hence, only six months.

Too many...

[Bob Goddard]

Here are 2 other sites which have been breached. zoneedit.com 123-reg.co.uk Neither reported it and neither admit it.

Re:

[Desler]

But crypto is used by terrorists. You’re not a terrorist are you?

Re: Wouldn't be as much of an issue with crypto

[Matt.Battey]

And the Reds, don't forget about the Reds.

Vendors (i.e. cloud computing)

[Matt.Battey]

Why is it that most of these data breaches seems to come fromthird parties that are contracted to serve their clients good, and then fall on their faces.

Is it because of that Willie Sutton "That's where the money is," or is it because these third parties have indemnified themselves legally, and really don't care?

Second question, would it even be a problem if the credit reporting agencies didn't make the Banks think your personal information was what really identified you, and your business value?

Personal data has been breached ..

[najajomo]

“The Department of Social Services has written to 8,500 current and former employees warning them their personal data held by a contractor has been breached."

In this day-and-age why wasn't such date held in an encrypted form?