Fisheries Queensland has blamed a software bug introduced via an update for an incident that left users of its Fishnet Secure portal exposed over the break.
The Courier Mail first reported the incident on Wednesday this week, revealing that “fishermen attempting to log in discovered they could get in to any account on the supposedly protected portal without a password."
FishNet Secure allows holders of Queensland fishing permits, licences and quotas to manage them online.
A Fisheries Queensland spokesperson told iTnews late Friday that “a total of 23 clients recorded transactions during the fault period” over Christmas and the New Year.
“All have been contacted and no unauthorised transactions have been identified,” the spokesperson said.
The “fault was believed to have occurred after a recent enhancement to the application”, the spokesperson added.
“The application and change processes have been revised to ensure the secure password function is tested prior to the release of any future enhancements.
“Fisheries Queensland has asked the software developer for a log of access activities to identify persons who may have accessed accounts without permission or breached user terms and conditions.”
The agency said it had commissioned an independent audit to be conducted by PwC “to review any anomalous activities within FishNet Secure during the fault period.”