Australian businesses are being warned to ensure confidential customer information submitted online is kept safe from prying eyes, after ticketing company Ticketmaster7 was investigated by the Federal Privacy Commissioner.
Malcolm Crompton, Australia's federal privacy commissioner, told iTnews that it was a "word of warning to all Australian companies", to ensure they protected customer's privacy. He said it was a good time for companies to make sure that they weren't subjecting themselves to the same risk.
Ticketmaster7 was investigated for a breach of the Privacy Act, relating to an online enquiry service the ticketing company had on its website. Last December Crompton's office became aware that personal information submitted by people contacting Ticketmaster 7 could be viewed on the company's website.
"Due to a coding error on the Ticketmaster7 website, it was possible to access the personal information of people who had made online enquires of Ticketmaster7 simply by changing the last four digits in the web address," said a statement from the Privacy Commissioner's office.
According to the statement, people using the service were given a unique website address so they could track the progress of their enquiry. When the four numbers at the end of this were entered differently, details of other enquires were revealed. This included names, phone numbers, and email addresses.
"Ticketmaster7 is lucky that no complaints regarding the security breach have been made to the Office [of the Federal Privacy Commissioner] by Ticketmaster7 customers," Crompton said.
However, the Commissioner also said that Ticketmaster7 were fast and responsive once it alerted the company to the breach. The ticketing company closed down the web service that was vulnerable.
Ticketmaster7 isn't the first company to get itself in hot water over breaches of privacy legislation. Crompton said it sets out to cooperate with companies under these sorts of circumstances. "Australian organisations are extremely responsive -- we haven't had to take anyone to court," he said.
"I caution all companies to ensure they are meeting their obligations under the Privacy Act, especially when it comes to their online activities," Crompton said. "There is no longer any excuse for not having privacy built into information system redesign and/or upgrades."
When contacted by iTnews, Maria O'Connor -- managing director at Ticketmaster7 --said the company had fixed the problem as soon as it became aware of the privacy breach.
"We'll continue to be strident in checking out our systems and services we offer to the public," O'Connor said.
She said the coding error had occurred when its programmers were setting up the service, and that there hadn't been a large number of records in the file.