Youngman Consultancy Blog 
Through the use of Facebook, Twitter, LinkedIn and this Blog, Youngman Consultancy demonstrates its commitment to ensuring people have the help needed to address their right to hold governments accountable and protect their own privacy. It is only by knowing your rights and being prepared to speak up that you can ensure a just society for all of its members.
If no one said “All that is required for evil to prevail is for good men to do nothing.”, then someone should have, because it is true. The same thing goes for bullies and injustice. As scary as it can be, if you are going to consider yourself human, then you have to speak out for what is right.
Friday, December 07 2012
The 10 top US breaches are as follows:
1.     3.3 million unencrypted bank account numbers and 3.8 million tax returns were stolen from the South Carolina Department of Revenue.
2.     Sensitive payroll records for approximately 700,000 individuals were lost in the mail en route between IT contractors with Hewlett Packard and the California Department of Social Services.
3.     The health information of more than 780,000 Utah citizens was put at risk when Eastern European hackers broke into a server maintained by the Utah Department of Technology Services.
4.     California Department of Child Support Services lost more than 800,000 sensitive health and financial records when a FedEx shipment sent by the state's contractors with IBM and Iron Mountain containing backup tapes with the data in question fell off the proverbial truck.
5.     Anonymous embarrassed the US Bureau of Justice Statistics when it leaked 1.7 GB of sensitive data belonging to the Bureau.
6.     Anonymous recently hacked the City of Springfield website and stole more than 1,000 vehicle descriptions from online police reports and records from more than 280,000 summons filed in city digital data stores.
7.     Digital Corruption Hackers busted into Homeland Security and U.S. Navy websites. They stole database information that included usernames, passwords, email IDs, and security questions and answers for all users on the Navy's Smart Web Move website and Homeland Security's Transportation Worker Identification Credential website.
8.     The Wisconsin Department of Revenue reported it exposed sensitive seller information of more than 110,000 people and businesses who sold property in 2011 by allowing an unknown embedded file in a Microsoft Access file with public-facing sales data to go live with that information in a report that was available to real estate professionals from April through July.
9.     Personally identifiable information of 10,000 NASA employees was left on an unencrypted agency laptop, which was subsequently stolen from an employee's car on Halloween.
10. The New Hampshire Department of Corrections found that inmates at a state correctional facility were able to access the main offender management database system because the system was linked to a server that inmates working in the prison industries shops used. Access to the system allowed inmates to change parole dates and sentencing information, as well as view personally identifiable information on prison staff members.
Australians have no reason to be complacent. The Federal Privacy Commissioner’s website records a number of incidents of breaches in recent times:
1.     The Commissioner found that the disclosure of Telstra customers' personal information occurred on a large scale and over a substantial period of time. Overall, Telstra reset around 73,000 customer passwords and initiated a customer contact strategy to inform customers who were potentially affected by phone, SMS, email or direct mail. The Visibility Tool had been accessible externally between 26 July 2011 and 19 October 2011. Later in October 2011, a software restoration was undertaken and it inadvertently restored incorrect software settings that meant that in December 2011, the Visibility Tool was once again available externally.
The disclosure of Telstra customers' personal information was not a result of a one-off human error but rather a series of errors that revealed significant weaknesses in Telstra's reporting, monitoring and accountability systems. The fact that a number of people were aware of the errors and did not raise them with higher management demonstrates that Telstra's policies and procedures had not been followed on a number of occasions.
2.     On 21 September 2011, the secure section of the First State Super Trustee Corporation (FSS) website was accessed by an unauthorised person. It was alleged that the unauthorised person then downloaded 568 members’ statements from the site. It was also alleged that this person contacted FSS volunteering this information and promoting himself as a ‘white hat’ hacker intending to improve their computer security. He also stated that he runs a business specialising in firewall penetration and vulnerability assessment.
 
3.     On 27 April 2011, the Australian Privacy Commissioner commenced an investigation following media reports that an unauthorised person accessed personal information of approximately 77 million customers of the Sony PlayStation Network/Qriocity, including customers in Australia. A media report said that individuals' names, addresses and other personal data potentially including credit card details had been compromised by the incident.
Despite a wide range of security measures, the security of the Network Platform was compromised as a result of a targeted cyber-attack.
 
4.     Telstra notified the Office of the Australian Information Commissioner (the OAIC) that a mailing list error had resulted in approximately 60,300 letters with incorrect addresses being mailed out.
 
5.     Media reports of 9 and 10 January 2011 claimed that billing and call records for up to four million customers were available on a publicly accessible website protected only by passwords that change every three months. Vodafone's internal investigation confirmed that no login IDs, passwords or customer data were ever available on the internet or on the Vodafone website.
While the information available to the Privacy Commissioner showed that the reported incident was not a disclosure in breach of NPP 2.1, he considers that, at the time of the incident, Vodafone did not have an adequate level of security in place to protect the personal information it held in its Siebel system.
Posted by: Youngman Consultancy at 11:00 am