[AusNOG] Stay Smart, is not so Smart

Noel Butler noel.butler at ausics.net
Mon Jul 9 12:43:46 EST 2012


On Mon, 2012-07-09 at 11:24 +1000, Jared Hirst wrote:

> Why would they send such data via Australia post???
> 


Indeed... that's what internal couriers are for, heck, even public
couriers (and some public couriers can be almost as cheap as Aus post
anyway)


> On Jul 6, 2012 6:07 PM, "Noel Butler" <noel.butler at ausics.net> wrote:
> 
>         Some miscreant spammer might think they've won the lotto if
>         they get this....
>         
>         
>         
>         6 July 2012
>         
>         
>         Notification of Subscriber Data Loss
>         
>         Dear Subscriber
>         
>         We are writing to notify you that the Department has been
>         advised by a former external contractor that a DVD which
>         included information provided by Stay Smart Online Alert
>         Service subscribers was lost in Australia Post’s system, after
>         being posted on 11 April 2012. 
>         
>         The external contractor provided the Alert Service on behalf
>         of the Department of Broadband, Communications and the Digital
>         Economy (‘the Department’) from 2008 until 29 April 2012, when
>         its contract with the Department expired.  As you may be
>         aware, the Stay Smart Online Alert Service is currently being
>         re-developed by the Department in collaboration with two new
>         contractors. 
>         
>         As part of the expiry of contract handover process, the
>         original contractor advised that it copied its SSO Alert
>         Service subscriber database onto a DVD and, on 11 April 2012,
>         posted this DVD to the Department using Australia Post’s
>         express post service. Unfortunately, this DVD was never
>         received by the Department. The original contractor has
>         informed the Department that information on the missing DVD
>         included subscribers’: usernames; email addresses; memorable
>         phrases; and passwords which are unreadable (as cryptographic
>         hash).  
>         
>         The Department has no reason to believe that this information
>         has been found and misused by any third party and we do not
>         believe that there is a privacy risk.  We are informing
>         subscribers consistent with a ‘best practice’ approach for
>         privacy matters.
>         
>         However, if you have used the same username, memorable phrase
>         and/or password for other websites or services you may wish to
>         consider whether these need to be changed.   
>         
>         For information on password security and other tips and advice
>         on how to be safe and secure online, visit Stay Smart Online
>         website (www.staysmartonline.gov.au).
>         
>         Regards
>         
>         Stay Smart Online Team
>         
>         
