Consequences of data breach of Queensland education data breach
November 16, 2015 |
Data breaches are one thing. The real issue is the impact of data breaches. The data breach of Queensland Department of Education and TAFE highlights the unfortunate consequences. The personal information accessed includes very sensitive information including complaints of sexual assault. This has been reported in Sexual assault complaints caught up in Qld Education hack. This phenomenon is not extraordinary. In collecting personal information organisations and agencies collect the mundane, the financial and the deeply sensitive. When Sony was attacked and hacked the information taken ranged from embarrassing internal emails, copies of films and Sony Employees health records. What is concerning about the Queensland attacks is that the breach only became known when the hacker made a threat on the authorities. That indicates inadequate internal controls. The somber reality is that breaches will occur. It is important to detect the breaches and deal with them.
More than 600 records accessed, 16 people notified.
The Queensland government has admitted records compromised by a hack on TAFE and Department of Education websites included sensitive personal information, including complaints of sexual assault dating back to 2013.
The concession comes despite Skills Minister Yvette D’Ath assuring parliament earlier this week that the accessed records were no more sensitive than what might be available “on other public websites like the White Pages”.
On Tuesday, government chief information officer Andrew Mills confirmed hackers had successfully infiltrated the websites of Queensland TAFE and the Department of Education and accessed data submitted via online feedback and enquiry forms.
The government discovered the intrusion when it was emailed an anonymous threat in relation to the stolen information.
This week, Education Minister Kate Jones and D’Ath have kept quiet about what information was accessed, citing police concerns about the ongoing threat posed by the hack and the integrity of the investigation into the incident.
However, with revelations about sensitive data making it into the hands of members of the public, including opposition MPs, Jones said she had been given a green light by Police Commissioner Ian Stewart to confirm some more details.
“As there has been an unauthorised disclosure of information today, he has approved the release of the following: in relation to the Department of Education and Training, more than 600 records dating back to 2013 were accessed illegally,” she said yesterday.
“However, in relation to records deemed to be of a more sensitive nature, the department has contacted 16 people to alert them to this cyber crime. I can confirm that all of these matters dating back to 2013 were dealt with appropriately at the time.”
She also said the “unauthorised disclosure” of the content of the compromised information had been referred to the crime and corruption commission by the Department of Education director-general.
“The unauthorised release of this information is deeply concerning and has been provided publicly against the consistent advice of the Queensland Police Service and the Queensland Government chief information officer,” she said.
The hacking has been reported to the Queensland Police, the Australian Federal Police and the Australian Cyber Security Centre.
[…] Consequences of data breach of Queensland education data breach […]