Another data breach involving Australian Government, this time involving the Federal MPS
March 21, 2017 |
Transparency is an important part of government administration. That includes providing details of the costs of administration. To that end publishing the cost of the use of telecommunications devices by MPs is hardly controversial. Unless of course it involves a significant breach of privacy, including a breach of the Privacy Act 1988. The Department of Parliamentary Services did not properly delete the phone numbers when posting the bills. As a result a whole range of sensitive telephone numbers have been released. It is reported by the Fairfax press as well as the ABC(amongst others).
As is often the case he processing of the information was contracted out, here to TELCO Management. It is not surprising then that the Department of Parliamentary Services will quickly and lustily will blame TELCO. Perfectly predictable and understandable. But ultimately it is the agency that is responsible.
The Age article provides:
The private mobile phone numbers of hundreds of federal politicians, former prime ministers and senior political staffers have been inadvertently published online in an embarrassing blunder by a government department.
The Department of Parliamentary Services failed to properly delete the numbers before it published the most recent round of politicians’ phone bills on the Parliament House website, potentially compromising the privacy and security of MPs from cabinet ministers down.
In a massive breach of privacy and security, parliamentary officials have inadvertently published the private numbers of past and present politicians.
While in previous years the numbers were taken out of the PDF documents altogether, this time it appears the font was merely turned white – meaning they could still be accessed using copy and paste.
The only numbers absent were those of the very top cabinet ministers including Prime Minister Malcolm Turnbull, Treasurer Scott Morrison, Attorney-General George Brandis and a handful of others.
But Opposition Leader Bill Shorten and his staffers were among those compromised, as well as cabinet ministers including Deputy Prime Minister Barnaby Joyce, Christopher Pyne, Mitch Fifield and Christian Porter.
Former prime ministers including Julia Gillard, John Howard and Paul Keating have also had their numbers released.
The department has blamed a private contractor, TELCO Management, for the stuff-up.
“In the most recent report provided by the contractor, it became possible to view the official mobile phone number of parliamentarians and their staff even though they appeared redacted from the published files,” a spokesperson said.
“The DPS will work with parliamentarians to address privacy concerns and change mobile numbers if required.”
Cyber security expert Greg Austin said the breach could help foreign powers with intelligence gathering.
“I wouldn’t see it necessarily as leading directly to significant exposure,” said Professor Austin, from the Australian Centre for Cyber Security at UNSW.
“But this sort of data can form part of an intelligence picture for foreign intelligence agencies and can be used in a number of ways after that. Knowing the private phone numbers of these people also helps foreign intelligence agencies form a view of who is talking to who. So it’s not good.”
Greens leader Richard Di Natale and other minor party leaders also had their contact information published.
Retired MPs including former Liberal ministers Andrew Robb and Jamie Briggs have also had their contact details released.
The numbers – for all MPs who served between January and June last year, before the July election – were easily and publicly accessible on the website for more than three months.
They were quickly deleted by DPS on Monday after Fairfax Media alerted the department to the breach.
The phone records are published every six months, to show how much politicians and their staff are spending on calls.
TELCO Management has been contacted for comment. Tender documents show the department paid TELCO $20,350 last year for “provision of telecommunications invoice reconciliation systems”.
[…] Another data breach involving Australian Government, this time involving the Federal MPS […]