Feeds

Oz 'pseudo-ID card' database racked by identity fraud claims

19 sacked, 92 resigned

Top three mobile application threats

Australia's citizen database was routinely searched for personal reasons by government agency employees, some of whom have been sacked. Police are now investigating allegations of identity fraud resulting from the security breaches.

There were 790 security breaches at government agency Centrelink involving 600 staff. Staff were found to have inappropriately accessed databases containing citizens' information.

The databases are used to administer social security, pension and unemployment benefits. Prime Minister John Howard is said to be considering a proposal which would use this database for a new national identity card which is under consideration.

In total 19 Centrelink employees have been sacked and 92 others have resigned. Police are conducting investigations into five employees, they said.

The man charged with protecting citizens' privacy in relation to the project said that the government must do more to prevent this kind of security breach when so much vital information is gathered in one place.

"The Centrelink revelations are deeply disturbing,” Professor Allan Fels told Australian ABC radio. “I take some comfort from the fact that the government has caught them and punished them, but there is still a huge weight now on the government to provide full, proper legal and technical protection of privacy with the access card.”

The police have confirmed that investigations are ongoing after five referrals were made to it from Centrelink. At least one of the cases is believed to involve allegations of the establishment of fake identities to be used to receive payments.

The investigation took two years and involved the use of sophisticated spying equipment. Union officials said that staff had repeatedly been warned about the inappropriate accessing of records.

"Customer records should only be accessed for business reasons and we do not tolerate staff surfing the details of family and friends or peeking at records of neighbours," said Centrelink chief executive Jeff Whalan. "As a result we revamped our techniques to assist us to keep improper conduct in check, and we are committed to maintaining that process."

Australian government minister Joe Hockey, who is responsible for the smart card project, told Channel Seven news there that the privacy breaches will not derail the plan, which will continue to be implemented.

Editor's note, 29/08/2006: Some of our Australian readers pointed out inaccuracies in the original version of this story. These have been corrected. OUT-LAW apologises for these errors.

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

SANS - Survey on application security programs

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.