Slashdot Mirror


Data Breach Hits Australia's Department of Social Services Credit Card System (theguardian.com)

Paul Karp, reporting for The Guardian: The Department of Social Services has written to 8,500 current and former employees warning them their personal data held by a contractor has been breached. In letters sent in early November the department alerted the employees to "a data compromise relating to staff profiles within the department's credit card management system prior to 2016." Compromised data includes credit card information, employees' names, user names, work phone numbers, work emails, system passwords, Australian government services number, public service classification and organisation unit. The department failed to warn staff how long the data was exposed for but a DSS spokesman told Guardian Australia that the contractor, Business Information Services, had advised that the data was open from June 2016 until October 2017. The data related to the period 2004 to 2015.

32 comments

  1. Trump? Gays? by Anonymous Coward · · Score: 0

    Am I forgetting any other first post?

    1. Re:Trump? Gays? by Hognoxious · · Score: 1

      This here's Straaaaylia, mate. No bloomin gays here: it's rule number one.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    2. Re:Trump? Gays? by Pseudonym · · Score: 1

      You're not Strayan, mate. This is the real one.

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
  2. Strewth! by Anonymous Coward · · Score: 0

    Put another shrimp on the barbie

    1. Re: Strewth! by Anonymous Coward · · Score: 0

      For starters it's "Struth".

      & they are prawns in Australia, not shrimp :0).

    2. Re: Strewth! by Anonymous Coward · · Score: 0

      Throw an Indochimp on the barbie!

    3. Re: Strewth! by Anonymous Coward · · Score: 0

      It's shrimp according to Aussie ambassador to the USA, Mick Dundee.

    4. Re: Strewth! by Anonymous Coward · · Score: 0

      Go directly to hell. Do not pass go. Do not collect $200.

    5. Re: Strewth! by Desler · · Score: 1

      Fosters. Australian for beer!

    6. Re: Strewth! by Ze+Wah · · Score: 1

      Fosters. Australian for beer!

      Not in Australia it isn't! No One Drinks Fosters Over here.
      We export our crap beer so we don't have to drink it!

    7. Re: Strewth! by mjwx · · Score: 1

      Fosters. Australian for beer!

      No-one in Australia drinks that swill, it's strictly for non-Australian markets because nothing is too bad for the rest of the world.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  3. Terrible contractor. by Anonymous Coward · · Score: 1

    They stored "system passwords" in such a way that a data breach would reveal them?
    For 16 months all information needed to impersonate various government officials was "open"?

    I wonder if there will be actual negative consequences for them from this.

    1. Re: Terrible contractor. by Anonymous Coward · · Score: 0

      Embarrassing news reported in the press on a Friday (when fewest people will read about it): colour me surprised.

    2. Re:Terrible contractor. by _merlin · · Score: 1

      None of the Australian government IT incompetence surprises me. I know a lot of the people who work on these systems, and they're the kind of people who wouldn't get hired anywhere else. Don't get me wrong, a lot of them are really nice guys/gals and I'd have a beer with them any day of the week, they're just terrible developers. A lot of them were pushed by their parents to study computer science on the tail end of the dotcom bubble. Well-meaning parents thought they'd be setting up their kids for a safe and potentially lucrative career, but the kids really weren't interested in it and in many cases had no aptitude for it. So you ended up with a large oversupply of mediocre developers, who found it hard to find employment in the industry.

      The government, wanting to at least appear to drag themselves into the 21st century, started hiring developers to build new internal systems and public-facing web sites for the Department of Social Security (DSS), Australian Taxation Office (ATO), Medicare, etc. The pay they offered wasn't great, and it often required you to move to Canberra. So they definitely weren't attracting the best and brightest, but it did allow a lot of these mediocre developers to get jobs that were enough to make their parents proud of them. But since they aren't really paid very well, and there's no tangible benefit for performing above average (e.g. can't get a bonus for landing a big sale by implementing a new feature), they don't have much of an incentive to work hard or skill up. So they muck around playing indoor cricket in the corridors, and playing CS:GO on the days when they're working from home.

      Interestingly, some Australian government departments seem to be a lot more competent with their IT, notably the Department of Foreign Affairs and Trade (DFAT) and the Australian Securities and Investment Commission (ASIC). These departments spend a lot more time dealing with the businesses that bring money into the country (Australia is still very much a primary producer/exporter), so there seems to be a bit more pressure to have things working.

    3. Re:Terrible contractor. by Pseudonym · · Score: 1

      I worked in IT in the federal public service for about six months. It was one of the most soul-sucking experiences of my life. Hence, only six months.

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
  4. Indochimps go “ooh ooh! ahh ahh!” by Anonymous Coward · · Score: 0

    Why would there be consequences? This is fairly normal, outsourced Indochimp work quality. If the Indochimps haven’t faced any issues before why would they now?

  5. Too many... by bib1620 · · Score: 1

    Here are 2 other sites which have been breached: zoneedit.com, 123-reg.co.uk. Neither reported it and neither admits it.

    1. Re:Too many... by Anonymous Coward · · Score: 0

      I believe it.

      Sitting in a security meeting last week, we were told that we were going to do everything we can to avoid a data breach, but it is inevitable. It will happen.

      Let's face it, all of our systems were developed without consideration for security. We have spent hundreds of millions on infrastructure and to throw all that away for security doesn't make financial sense.

      If we were threatened with a billion dollar fine for a data breach, then maybe, we'd scrap everything and redo it.

      But with what vendor? Microsoft's stuff is still all legacy unsecured code. Same for Mac. Linux? Same there.

      And the other vendors are just ancient shit - IBM, Plahease!

      So, we're between a rock and a hard place.

      But ask yourselves this, how much has it hurt Yahoo!, Anthem, Equifax, Target, Home Depot, Lowes, and every other firm who has had huge data breaches?

      Bad PR and a slap on the wrist.

      We, the people, are just a commodity like sheep or pigs or chickens to be abused and used.

  6. Shame on Slashdot users by Anonymous Coward · · Score: 0

    Shame on whoever posted this racist garbage. Also, shame on the Slashdot users with mod points who have left the parent alone instead of modding it down. It's very disappointing that racism is tolerated on this site. I wonder what Slashdot's advertisers think of their ads appearing alongside the racist garbage in the parent. Why is racism tolerated on this site? Can anyone justify it? It's indefensible that the parent isn't at -1.

    1. Re:Shame on Slashdot users by Anonymous Coward · · Score: 0

      Indochimp spotted.

    2. Re:Shame on Slashdot users by Ze+Wah · · Score: 1

      Just another troll. I would mod down but have already commented.
      Typical, they are posting as an Anonymous Coward.

  7. Wouldn't be as much of an issue with crypto by Anonymous Coward · · Score: 0

    This is why I prefer crypto. It puts the power of money back in the hands of the spender where it belongs and removes an outdated pitifully incurable system. It also eliminates the risk businesses face of being defrauded.

    1. Re:Wouldn't be as much of an issue with crypto by Desler · · Score: 1

      But crypto is used by terrorists. You’re not a terrorist are you?

    2. Re: Wouldn't be as much of an issue with crypto by Matt.Battey · · Score: 1

      And the Reds, don't forget about the Reds.

  8. Vendors (i.e. cloud computing) by Matt.Battey · · Score: 1

    Why is it that most of these data breaches seem to come from third parties that are contracted to serve their clients good, and then fall on their faces?

    Is it because of that Willie Sutton "That's where the money is," or is it because these third parties have indemnified themselves legally, and really don't care?

    Second question, would it even be a problem if the credit reporting agencies didn't make the Banks think your personal information was what really identified you, and your business value?

    1. Re:Vendors (i.e. cloud computing) by Anonymous Coward · · Score: 0

      The third-parties have legally indemnified themselves and have no responsibility. The first-party contracted out to a third-party for the same reason, to avoid liability.

  9. Lern2spell indochimp by Anonymous Coward · · Score: 0

    I’d rather color you surprised.

    Lern2spell indochimp

    1. Re:Lern2spell indochimp by Anonymous Coward · · Score: 0

      *Learn2Spell.
      Do us all a favour and jump off a bridge. It might bring some honour back to your family. It would also paint the road a nice red colour. Although you may land on a bunch of aluminium cans that would crash the fall.

    2. Re:Lern2spell indochimp by Anonymous Coward · · Score: 0

      No thanks, Indochimp.

    3. Re:Lern2spell indochimp by Anonymous Coward · · Score: 0

      And that's ALUMINIUM, not ALOOM-I-NUM, dumb seppo cunt.

  10. Just say no to outsourced Indochimps! by Anonymous Coward · · Score: 0

    Maybe in organizations like yours that outsources work to Indochimps. My company only hires red-blooded, big-penised Americans and we’ve never had a breach.

    Just say no to outsourced Indochimps!

  11. Personal data has been breached .. by najajomo · · Score: 1

    "The Department of Social Services has written to 8,500 current and former employees warning them their personal data held by a contractor has been breached."

    In this day-and-age why wasn't such data held in an encrypted form?