The Australian Bureau of Statistics has been telling anyone who will listen just how great it is at security, and how our data will be safe with them, because they have never had a breach. While this reasoning is optimistic at best, and negligent at worst, our tipsters have pointed out that the ABS already has a less than stellar record when it comes to online security. A tipster, employed by the ABS as one of its contracted census staff, received this email yesterday after an ABS staffer failed to hide the email addresses used in a group email:
Recently you may have received an email from Census HR requesting you provide your emergency contact details to the Australian Bureau of Statistics (ABS).
It has come to my attention that this email was sent to a number of other recipients with email addresses in the ‘To’ field rather than the ‘Bcc’ field, which may have resulted in your email address being visible to other recipients.
I sincerely apologise for this mistake.
I also want to reassure you that the ABS takes security of your personal information very seriously and has a number of internal procedures in place to avoid issues such as this. In this instance the matter resulted from human error in not following standard procedures.
Census HR has notified ABS Senior Management and has taken internal actions to ensure this doesn’t happen again.
To avoid the possibility of further disclosure, could you please delete the email from [redacted] of the 2nd August 2016.
Again, my sincerest apologies for this error. Please feel free to contact me directly if you would like to discuss further.
Another tipster had their concerns about the ABS’ security in the face of hacking attempts confirmed by the ABS website’s own disclaimer. Under the heading “Security of the ABS website” users are told:
“The ABS applies a range of security controls to protect its website from unauthorised access. However, users should be aware that the World Wide Web is an insecure public network that gives rise to a potential risk that a user’s transactions are being viewed, intercepted or modified by third parties or that files which the user downloads may contain computer viruses, disabling codes, worms or other devices or defects.
“The Australian Government accepts no liability for any interference with or damage to a user’s computer system, software or data occurring in connection with or relating to this website or its use. Users are encouraged to take appropriate and adequate precautions to ensure that whatever is selected from this site is free of viruses or other contamination that may interfere with or damage the user’s computer system, software or data.”
And they wonder why we have issues with our names, addresses and other identifying information being stored for years on their servers …