Federal Privacy Commissioner investigating AAPT data breach

Timothy Pilgrim will determine if the internet service provider’s (ISP) practices were consistent with the Privacy Act

Internet service provider (ISP) AAPT, which was the target of a data breach by hacktivist group Anonymous, is now under the spotlight of Federal Privacy Commissioner Timothy Pilgrim.

A server used by AAPT was compromised in the attack. Pilgrim said in a statement that both AAPT and the server’s owner, Melbourne IT, are being investigated over the data leakage, which included documents showing federal government accounts, information from departments such as the Australian Federal Police (AFP) and names of AAPT staff members.

“I opened an investigation into AAPT and Melbourne IT after customer data had been compromised in a recent hacking attack,” he said.

“I will look at whether their practices were consistent with the Privacy Act at the time of the incident.”

On 30 July, the Office of the Australian Information Commissioner (OAIC) confirmed that it had been in contact with AAPT to discuss the incident and had received a report from the ISP about the data breach.

The OAIC and the Australian Media and Communications Authority (ACMA) do not have powers to impose financial penalties on companies for breaches. However, the Privacy Act is currently undergoing reforms, with increased powers slated for the Privacy Commissioner, including the ability to seek civil remedies and enforce undertakings.

On 30 July, Anonymous released some of the 40GB of data that was taken from AAPT’s compromised server as part of a campaign against the Australian Government’s proposed data retention laws, which are currently under discussion by the Parliamentary Joint Committee on Intelligence and Security (PJCIS).

One of the proposals includes "tailored data retention periods for up to two years for parts of a data set", with every internet user's entire web history logged and stored for up to two years.

Melbourne IT chief executive, Theo Hnarakis, said at the time that the company was investigating the breach. According to Hnarakis, the incident was related to a specific vulnerability which only affected a small number of servers.

“We believe this was an isolated incident however we are treating the matter extremely seriously and are undertaking multiple additional scans across our entire infrastructure base which includes a large number of servers,” he said.

A Melbourne IT spokesperson confirmed that the company is assisting the Commissioner with the investigation.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia
