Feeds

Oz refugee data leak a SNAFU, says KPMG report

Politically-explosive data accessed 123 times after gov worker ignores intranet rules

Choosing a cloud hosting partner with confidence

Australia's Department of Immigration and Border Protection needs to tighten up its publishing processes to prevent repeats of a January incident that saw personal details of 10,000 asylum seekers placed on the Web for all to see.

Asylum seekers are a very controversial issue in Australia, especially those that arrive by boat. The nation's recently-elected government has decided they must be repelled using secret naval operations and that nobody who arrives by boat will ever be settled in Australia. While popular among the electorate, the policies continue to attract much criticism as inhumane in their execution and inappropriate in their lack of generosity.

Such criticisms were fuelled anew by the January leak.

The Department commissioned a review and then a version of that document suitable for public consumption. Released yesterday, the public review (PDF) says the data became available because “... a Microsoft Word document … allowed access to source data”.

The Word document likely made it onto the web because “The processes adopted in producing and publishing the Document appears to have not conformed with the roles and responsibilities set out in either the web publishing and governance intranet guidance or the online style guide.”

The review says the style guide is “potentially ambiguous in some areas” but sets out requirements for publication that “appear not to have been followed.”

The report says it cannot find “any indications that the disclosure of the underlying data was intentional or malicious.”

In other words, someone in the Department didn't follow the rules and data ended up online.

104 unique IP addresses accessed the file 123 times.

The review goes on to suggest that processes be put in place to ensure that when Departmental staff access data it be “normalised and cleansed in a secure environment” to ensure it cannot reach the public. There are also calls for processes and checks to ensure that documents placed on the web don't link to data or other information intended only for staffers' eyes.

That the department needs such programs is not good news: it has been troubled for a decade or more and recently underwent a major IT overhaul. Questions-a-plenty about the efficacy of that program, and whether the department can effectively carry out its role, are probably being drafted as you read this story. ®

Remote control for virtualized desktops

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Managing SSL certificates with ease
The lack of operational efficiencies and compliance pitfalls associated with poor SSL certificate management, and how the right SSL certificate management tool can help.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.