Advertisement

Australians’ salaries and credit card numbers leaked in data breach

The information of tens of thousands of staffers was only pulled down last month.

The information of tens of thousands of staffers was only pulled down last month.

The personal details of up to 50,000 Australians – including credit card numbers and salaries – have been posted online by a contractor, in one of the biggest data breaches to date.

The information, including full names, emails, expenses and payment details, was publicly available online until October.

The breach, first reported by ItNews, was discovered by a Polish security researcher who searched for data that should have been protected online.

Close to 25,000 personal details of staff at insurer AMP were disclosed by the contractor, which has not yet been named.

Staff at Rabobank, the Finance Department, the Australian Electoral Commission and the National Disability Insurance Agency have also reportedly been compromised.

An AMP spokesman confirmed a, “limited amount of company data related to internal staff expenses was inadvertently stored in a publicly available cloud service”.

“The mistake was quickly corrected once identified and the matter was investigated to ensure all data had been removed,” the spokesman told the ABC.

“No customer data was compromised at any time [and] we are reviewing the situation to ensure standards are maintained.”

Rabobank refused to comment on the breach but said they had launched their own investigation.

The federal government has been increasingly outsourcing its IT projects to contractors who are winning close to $10 billion in contracts each year.

The spiralling costs — up from $5.9 billion in 2012-13 — have not always resulted in better outcomes for the public and there are concerns about data being properly managed.

This breach comes a year after the personal data of 550,000 blood donors, that included information about “at-risk” sexual behaviours, was leaked from the Red Cross Service.

The Australian Cyber Security Centre and the Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, have been contacted for comment.

Labor’s digital economy spokesman, Ed Husic, said the government knew about the breach back in October and did not disclose it until media reports emerged on Thursday.

“The government cannot claim that it is not to blame for the actions of a contractor. Ultimately the buck stops somewhere,” he told the ABC.

“This is some really sensitive data that has been obtained from passwords to credit card details, 50,000 Australians across government and banks.

“This is a serious breach and the government should treat it seriously.”

-ABC

Stay informed, daily
A FREE subscription to The New Daily arrives every morning and evening.
The New Daily is a trusted source of national news and information and is provided free for all Australians. Read our editorial charter
Copyright © 2024 The New Daily.
All rights reserved.