Immigration dept confirms asylum seeker data breach

Powered by SC Magazine

Updated: Personal details of up to 10,000 exposed.

The Department of Immigration and Border Protection (DIPB) has admitted to inadvertently leaking the personal details of close to 10,000 asylum seekers housed in Australia via its website.

News of the leak was broken today by The Guardian, which reported the database contained full names, nationalities and boat arrival dates and information of all individuals held on a mainland detention facility and on Christmas Island.

In a statement the DIPB confirmed the data breach and said it has taken the information offline.

“The department acknowledges that the file was vulnerable to unauthorised access," a spokesperson said.

“The file has been removed and the department is investigating how this occurred to ensure that it does not happen again.

“This information was never intended to be in the public domain."

The department did not clarify whether the data was accessed by other sources. Immigration minister Scott Morrison said all channels to access the data had been closed and it had not been cached by search engines.

The data involved in the breach equates to a third of all asylum seekers housed in Australia, according to The Guardian.

Opposition immigration spokesman Richard Marles said the leak appeared to be "one of the most significant breaches of privacy in Australia's history" and called it "ineptitude of the greatest degree".

"This is a government with a culture of secrecy but it is utterly unable to manage secrecy," Marles said.

"This is a government which refuses to put information into the public domain which should be in the public domain, but which [takes] private information which should be nowhere near the public domain, [and] makes it public.

"We need to understand how this happened, and there are serious questions that need to be answered by the government in relation to this."

Greens Senator Sarah Hanson-Young said the breach made a "mockery" of Prime Minister Tony Abbott's "obsession with secrecy".

"[Immigration minister Scott Morrison] needs to clarify how this occurred, how he will stop it from happening again and how he will ensure the the thousands of asylum seekers whose lives have been put at risk will now be protected because of this huge security breach," she said.

The Privacy Commissioner has announced it will investigate the breach, while the Immigration department said it has engaged KPMG to review and report on how it occured.

Click through for the security industry's analysis of the incident

Copyright © . All rights reserved.

Immigration dept confirms asylum seeker data breach
Top Stories
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
What InfoSec can learn from the insurance industry
[Blog post] Another way data breach laws could help manage risk.
A ten-point plan for disrupting security
[Blog post] How can you defend the perimeter when it’s in the cloud?
Sign up to receive iTnews email bulletins
Latest Comments
What is delaying adoption of public cloud in your organisation?

   |   View results
Lock-in concerns
Application integration concerns
Security and compliance concerns
Unreliable network infrastructure
Data sovereignty concerns
Lack of stakeholder support
Protecting on-premise IT jobs
Difficulty transitioning CapEx budget into OpEx