Australia’s immigration department accidentally exposed the personal details of several world leaders, including Prime Minister David Cameron, attending the G20 summit in Brisbane last November, it has been revealed.
The department decided not to inform their respective governments, though, reports The Guardian.
According to documents obtained by the newspaper through Australia’s freedom of information laws, an employee of the Department of Immigration and Border Protection accidentally sent passport details, visa information and other details to a member of the organising committee of the Asian Cup football tournament, held in January.
The recipient deleted the email in question and notified immigration authorities, who then reported the incident to Australia’s privacy commissioner on November 7.
The document says the department was informed within ten minutes of the breach occurring and there is no record of the email being forwarded, nor was a copy created as the Asian Cup committee’s backup systems only run overnight.
“The personal information which has been breached is the name, date of birth, title, position nationality, passport number, visa grant number and visa subclass held relating to 31 international leaders (ie prime ministers, presidents and their equivalents) attending the G20 leaders summit,” wrote the director of the visa services division of the immigration department.
“The cause of the breach was human error. [The staff member in question] failed to check that the autofill function in Microsoft Outlook had entered the correct person’s details into the email ‘To’ field. This led to the email being sent to the wrong person.
“The risk remains only to the extent of human error, but there was nothing systemic or institutional about the breach.”
The department says it plans to reiterate to its staff the need to protect personal data at work but it is unclear whether it has made the leaders aware of the incident. It has been suggested that a failure to disclose the breach could break a number of privacy laws in other countries.
“This is a shocking breach in security that should have been disclosed immediately – however it’s actually a very common mistake,” said Tony Pepper, CEO of Egress Software Technologies. “‘Autofill’ options when entering a recipient’s details create a wide margin for human error when sharing confidential information by email. However, this is no longer an acceptable excuse, particularly when sharing such highly sensitive information.
“Mistakes happen, it’s a fact of life. Yet organisations need to ensure they give employees the right tools to work securely, while also providing a safety net should mistakes happen. Otherwise we will continue to see breaches of this kind.”
Earlier this year, several Australian government organisations were hacked by an attacker claiming to be a former LizardSquad member. The Australian Communications and Media Authority (ACMA) and the Australian Nuclear Science and Technology Organisation (ANSTO) were among those affected, although only non-sensitive data was contained on their websites.
Last week, the country passed data retention laws that will allow the government to access communications metadata without the need for a search warrant. Communication service providers will be forced to store this information for two years after both major political parties backed the bill.