Personal details of nearly 50,000 Australian employees exposed in data breach
INCLUDING CREDIT CARD DETAILS AND SALARIES
IN WHAT COULD be the country’s second-largest data breach since the Red Cross leak last year (when medical information of over half a million blood donors was revealed), 48,270 personal records of employees in the public and private sector have been inadvertently exposed by a third-party contractor because of a misconfigured Amazon S3 bucket, a form of cloud storage. The information exposed — discovered by a Polish security expert — includes names, passwords, IDs, phone numbers, email addresses, some credit card numbers, and staff salaries and expenses.
Thousands of personal files from the Department of Finance, Australian Electoral Commission and National Disability Insurance Agency have been compromised, while the most affected in the private sector was insurance company AMP. Other businesses affected include utility company UGL and Rabobank. Despite this, none of the affected parties have named the contractor responsible, but a spokesperson for the Australian Cyber Security Centre said the government was made aware of the breach in early October and “immediately contacted the external contractor and worked with them to secure the information and remove the vulnerability”.