Personal details of 774,000 individuals in Australia's migration system have been exposed in a data breach.
The data was made publicly available via the Home Affairs Department's SkillsSelect platform, which invites skilled workers and entrepreneurs to express interest in moving Down Under.
Partial names, ADUserIDs, and the outcome of applications made by people wishing to migrate to Australia were discovered online by Guardian Australia via a publicly available app hosted on the employment department's domain. Other information uncovered by the newspaper included the age, country of birth, and marital status of applicants.
In total, the breach revealed 774,326 unique user IDs and 189,426 completed expressions of interest, dating back to 2014. By applying filters, the Guardian was able to narrow down an expression of interest to a single entry, then discover other details relating to that particular applicant.
News of the breach comes as the Australian government is asking people to voluntarily adopt a new contact-tracing app, CovidSafe, to slow the spread of the novel coronavirus. A cybersecurity failure in one government app could make Australians reticent to input their personal information into another.
Australian Privacy Foundation board member Monique Mann told Guardian Australia the breach was “very serious . . . especially at a time where the Australian government is expecting trust.”
Mann described the Australian government as having a "consistently poor track record that shows that we cannot trust them with our personal information,” and went on to call the unnecessary exposure of migrant data "absolutely ludicrous."
Privacy academic, cryptographer, and chief executive of Thinking Cybersecurity Vanessa Teague ..
Support the originator by clicking the read the rest link below.
