[AusNOG] Stay Smart, is not so Smart
Thomas Jackson
thomas at thomax.com.au
Mon Jul 9 13:39:14 EST 2012
Packages get lost quite regularly (I used to write warehouse management systems for a living, so I had a fair bit of exposure to that).
In the end, the data should have been encrypted no matter how it was sent.
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Noel Butler
Sent: Monday, 9 July 2012 12:44 PM
To: Jared Hirst
Cc: ausnog at ausnog.net
Subject: Re: [AusNOG] Stay Smart, is not so Smart
On Mon, 2012-07-09 at 11:24 +1000, Jared Hirst wrote:
Why would they send such data via Australia post???
Indeed... that's what internal couriers are for, heck, even public couriers (and some public couriers can be almost as cheap as Aus post anyway)
On Jul 6, 2012 6:07 PM, "Noel Butler" <noel.butler at ausics.net> wrote:
Some miscreant spammer might think they've won the lotto if they get this....
6 July 2012
Notification of Subscriber Data Loss
Dear Subscriber
We are writing to notify you that the Department has been advised by a former external contractor that a DVD which included information provided by Stay Smart Online Alert Service subscribers was lost in Australia Posts’ system, after being posted on 11 April 2012.
The external contractor provided the Alert Service on behalf of the Department of Broadband, Communications and the Digital Economy (‘the Department’) from 2008 until 29 April 2012, when its contract with the Department expired. As you may be aware, the Stay Smart Online Alert Service is currently being re-developed by the Department in collaboration with two new contractors.
As part of the expiry of contract handover process, the original contractor advised that it copied its SSO Alert Service subscriber database onto a DVD and, on 11 April 2012, posted this DVD to the Department using Australia Post’s express post service. Unfortunately, this DVD was never received by the Department. The original contractor has informed the Department that information on the missing DVD included subscribers’: usernames; email addresses; memorable phrases; and passwords which are unreadable (as cryptographic hash).
The Department has no reason to believe that this information has been found and misused by any third party and we do not believe that there is a privacy risk. We are informing subscribers consistent with a ‘best practice’ approach for privacy matters.
However, if you have used the same username, memorable phrase and/or password for other websites or services you may wish to consider whether these need to be changed.
For information on password security and other tips and advice on how to be safe and secure online, visit Stay Smart Online website (www.staysmartonline.gov.au).
Regards
Stay Smart Online Team
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120709/30ac7af7/attachment.html>
More information about the AusNOG
mailing list