Feeds

Oz refugee data leak a SNAFU, says KPMG report

Politically-explosive data accessed 123 times after gov worker ignores intranet rules

Using blade systems to cut costs and sharpen efficiencies

Australia's Department of Immigration and Border Protection needs to tighten up its publishing processes to prevent repeats of a January incident that saw personal details of 10,000 asylum seekers placed on the Web for all to see.

Asylum seekers are a very controversial issue in Australia, especially those that arrive by boat. The nation's recently-elected government has decided they must be repelled using secret naval operations and that nobody who arrives by boat will ever be settled in Australia. While popular among the electorate, the policies continue to attract much criticism as inhumane in their execution and inappropriate in their lack of generosity.

Such criticisms were fuelled anew by the January leak.

The Department commissioned a review and then a version of that document suitable for public consumption. Released yesterday, the public review (PDF) says the data became available because “... a Microsoft Word document … allowed access to source data”.

The Word document likely made it onto the web because “The processes adopted in producing and publishing the Document appears to have not conformed with the roles and responsibilities set out in either the web publishing and governance intranet guidance or the online style guide.”

The review says the style guide is “potentially ambiguous in some areas” but sets out requirements for publication that “appear not to have been followed.”

The report says it cannot find “any indications that the disclosure of the underlying data was intentional or malicious.”

In other words, someone in the Department didn't follow the rules and data ended up online.

104 unique IP addresses accessed the file 123 times.

The review goes on to suggest that processes be put in place to ensure that when Departmental staff access data it be “normalised and cleansed in a secure environment” to ensure it cannot reach the public. There are also calls for processes and checks to ensure that documents placed on the web don't link to data or other information intended only for staffers' eyes.

That the department needs such programs is not good news: it has been troubled for a decade or more and recently underwent a major IT overhaul. Questions-a-plenty about the efficacy of that program, and whether the department can effectively carry out its role, are probably being drafted as you read this story. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.