[AusNOG] Stay Smart, is not so Smart

James Hodgkinson yaleman at ricetek.net
Fri Jul 6 19:57:35 EST 2012 

Seriously, they transferred that data unencrypted? We won't put
anything like that into 3rd-party transport without encryption :S

James

(To the list this time, sorry OP.)

On 6 July 2012 18:00, Noel Butler <noel.butler at ausics.net> wrote:
> Some miscreant spammer might think they've won the lotto if they get
> this....
>
>
>
> 6 July 2012
>
>
> Notification of Subscriber Data Loss
>
> Dear Subscriber
>
> We are writing to notify you that the Department has been advised by a
> former external contractor that a DVD which included information provided by
> Stay Smart Online Alert Service subscribers was lost in Australia Posts’
> system, after being posted on 11 April 2012.
>
> The external contractor provided the Alert Service on behalf of the
> Department of Broadband, Communications and the Digital Economy (‘the
> Department’) from 2008 until 29 April 2012, when its contract with the
> Department expired.  As you may be aware, the Stay Smart Online Alert
> Service is currently being re-developed by the Department in collaboration
> with two new contractors.
>
> As part of the expiry of contract handover process, the original contractor
> advised that it copied its SSO Alert Service subscriber database onto a DVD
> and, on 11 April 2012, posted this DVD to the Department using Australia
> Post’s express post service. Unfortunately, this DVD was never received by
> the Department. The original contractor has informed the Department that
> information on the missing DVD included subscribers’: usernames; email
> addresses; memorable phrases; and passwords which are unreadable (as
> cryptographic hash).
>
> The Department has no reason to believe that this information has been found
> and misused by any third party and we do not believe that there is a privacy
> risk.  We are informing subscribers consistent with a ‘best practice’
> approach for privacy matters.
>
> However, if you have used the same username, memorable phrase and/or
> password for other websites or services you may wish to consider whether
> these need to be changed.
>
> For information on password security and other tips and advice on how to be
> safe and secure online, visit Stay Smart Online website
> (www.staysmartonline.gov.au).
>
> Regards
>
> Stay Smart Online Team
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>

More information about the AusNOG mailing list