In brief: The Department of Broadband Communications and the Digital Economy had requested AusCERT (Australian Computer Emergency Response Team) to ship the now lost Stay Smart Online subscriber database through the post mail, freedom of information documents reveal.
The DVD containing the usernames and passwords of subscribers to the Federal Government's Stay Smart Online Alert Service was lost in the mail in April last year and reported in June.
The agency's Cybersecurity and Asia Pacific Engagement branch asked that AusCERT "arrange a hand-to-hand courier" to transport the data.
That decision perplexed some in the IT sector who questioned why the data was not sent electronically.
The documents also revealed the encrypted records were not salted.
In a statement the department admitted it had "no standard policy" for the transfer of databases like the Stay Smart Online database, adding it was AusCERT's responsibility to use an "appropriately secure method".
