There are reports that the vendor involved is AusCERT as well which makes my head hurt.<br><br><a href="http://www.zdnet.com/oz-govt-loses-stay-smart-online-user-details-via-australia-post-7000000398/">http://www.zdnet.com/oz-govt-loses-stay-smart-online-user-details-via-australia-post-7000000398/</a><br>
<br>Damien<br><br><div class="gmail_quote">On Mon, Jul 9, 2012 at 11:24 AM, Jared Hirst <span dir="ltr"><<a href="mailto:jared.hirst@serversaustralia.com.au" target="_blank">jared.hirst@serversaustralia.com.au</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p>Why would they send such data via Australia post???</p>
<div class="gmail_quote"><div><div class="h5">On Jul 6, 2012 6:07 PM, "Noel Butler" <<a href="mailto:noel.butler@ausics.net" target="_blank">noel.butler@ausics.net</a>> wrote:<br type="attribution"></div>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
<u></u>
<div>
Some miscreant spammer might think they've won the lotto if they get this....<br>
<br>
<br>
<br>
6 July 2012<br>
<br>
<br>
Notification of Subscriber Data Loss<br>
<br>
Dear Subscriber<br>
<br>
We are writing to notify you that the Department has been advised by a former external contractor that a DVD which included information provided by Stay Smart Online Alert Service subscribers was lost in Australia Posts’ system, after being posted on 11 April 2012. <br>
<br>
The external contractor provided the Alert Service on behalf of the Department of Broadband, Communications and the Digital Economy (‘the Department’) from 2008 until 29 April 2012, when its contract with the Department expired. As you may be aware, the Stay Smart Online Alert Service is currently being re-developed by the Department in collaboration with two new contractors. <br>
<br>
As part of the expiry of contract handover process, the original contractor advised that it copied its SSO Alert Service subscriber database onto a DVD and, on 11 April 2012, posted this DVD to the Department using Australia Post’s express post service. Unfortunately, this DVD was never received by the Department. The original contractor has informed the Department that information on the missing DVD included subscribers’: usernames; email addresses; memorable phrases; and passwords which are unreadable (as cryptographic hash). <br>
<br>
The Department has no reason to believe that this information has been found and misused by any third party and we do not believe that there is a privacy risk. We are informing subscribers consistent with a ‘best practice’ approach for privacy matters.<br>
<br>
However, if you have used the same username, memorable phrase and/or password for other websites or services you may wish to consider whether these need to be changed. <br>
<br>
For information on password security and other tips and advice on how to be safe and secure online, visit Stay Smart Online website (<a href="http://www.staysmartonline.gov.au" target="_blank">www.staysmartonline.gov.au</a>).<br>
<br>
Regards<br>
<br>
Stay Smart Online Team
</div>
<br></div></div><div class="im">_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></div></blockquote></div>
<br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br>