Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Security Australia Government

Data Breach Hits Australia's Department of Social Services Credit Card System (theguardian.com) 32

Paul Karp, reporting for The Guardian: The Department of Social Services has written to 8,500 current and former employees warning them their personal data held by a contractor has been breached. In letters sent in early November the department alerted the employees to "a data compromise relating to staff profiles within the department's credit card management system prior to 2016." Compromised data includes credit card information, employees' names, user names, work phone numbers, work emails, system passwords, Australian government services number, public service classification and organisation unit. The department failed to warn staff how long the data was exposed for but a DSS spokesman told Guardian Australia that the contractor, Business Information Services, had advised that the data was open from June 2016 until October 2017. The data related to the period 2004 to 2015.
This discussion has been archived. No new comments can be posted.

Data Breach Hits Australia's Department of Social Services Credit Card System

Comments Filter:
  • by Anonymous Coward

    They stored "system passwords" in such a way that a data breach would reveal them?
    For 16 months all information needed to impersonate various government officials was "open"?

    I wonder if there will be actual negative consequences for them from this.

    • by _merlin ( 160982 )

      None of the Australian government IT incompetence surprises me. I know a lot of the people who work on these systems, and they're the kind of people who wouldn't get hired anywhere else. Don't get me wrong, a lot of them are really nice guys/gals and I'd have a beer with them any day of the week, they're just terrible developers. A lot of them were pushed by their parents to study computer science on the tail end of the dotcom bubble. Well-meaning parents thought they'd be setting up their kids for a saf

      • I worked in IT in the federal public service for about six months. It was one of the most soul-sucking experiences of my life. Hence, only six months.

  • Here are 2 other sites which have been breached. zoneedit.com 123-reg.co.uk Neither reported it and neither admit it.
  • Why is it that most of these data breaches seems to come fromthird parties that are contracted to serve their clients good, and then fall on their faces.

    Is it because of that Willie Sutton "That's where the money is," or is it because these third parties have indemnified themselves legally, and really don't care?

    Second question, would it even be a problem if the credit reporting agencies didn't make the Banks think your personal information was what really identified you, and your business value?

  • The Department of Social Services has written to 8,500 current and former employees warning them their personal data held by a contractor has been breached."

    In this day-and-age why wasn't such date held in an encrypted form?

panic: kernel trap (ignored)

Working...