Oz PM's department red-faced after database leaks in the cc: field
Privacy, we've heard of it
The Australian Department of Prime Minister and Cabinet, in an excess of security ineptitude, has mistaken the cc: field for the bcc: field. The inevitable result: a database of names and addresses has leaked.
The department, on behalf of the Australian government, was e-mailing women on a register called AppointWomen to tell them that register was being decommissioned.
Presumably after a few hundred outraged messages out of the reportedly “thousands” registered with the site, the acting first secretary of the DPMC, Tony Sloan, sent an apologetic e-mail to the list (presumably without repeating the original SNAFU).
The AppointWomen site allowed women to confidentially (until now) register their interest in board-level federal positions, and has been replaced by BoardLinks. The replacement requires registrants to come with someone else's nomination – a cabinet minister, a departmental secretary, or a “BoardLinks champion”.
Demonstrating its grasp of security and identity theft, the DPMC has said to The Guardian Australia the database was “defunct” and “has not been used for some time”.
Sloan's email to The Guardian Australia said “We sincerely apologise for the disclosure. We are currently reviewing our internal processes to ensure that this does not occur again”.
The Office of the Australian Information Commissioner has been informed of the breach. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Trusted Platform Module
- Zero trust