In Security

On Tuesday, we heard that the Department of Education and TAFE Queensland websites had been ‘hacked’, but no confidential information had been obtained. “No more than you could find in the White Pages”, or so we were told…….

That afternoon I had the opportunity to talk on the subject on Matt Webber’s “Drive” radio show on ABC Gold Coast. Matt and I discussed the potential implications of even basic information and how we felt this breach was being severely downplayed.

You can listen to the segment here:

[soundcloud url=”https://api.soundcloud.com/tracks/232395351″ params=”auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true” width=”100%” height=”450″ iframe=”true” /]

2 days later it’s been revealed that information relating to students who were sexually abused could be part of that breach. Which basically says to me that any information any person filled in on a form on any of the Department of Education’s websites has been obtained.

It is DISGRACEFUL that this breach was downplayed the way it was, and here’s WHY.

Let’s say a young girl from a minority background had been raped. Her religion frowns upon females losing their virginity before marriage. If the compromised data had been published online, could the shame have resulted in her taking her life? 

What about a young boy? Ashamed of whether being raped by other males could cause his mates to think he’s gay? Or maybe he is gay but hadn’t come out yet? What might an individual do if faced with the public broadcasting of something they had not yet had a chance to talk to family and loved ones about result in?

We’ve already heard that at least 2 people committed suicide as a result of the Ashley Madison hack.

What other information was submitted to those websites. Clearly it was more than “what can be found in the White Pages”…. What potential damage could that information create?

Mandatory Breach Notification… NOW!

If we had Mandatory Breach Notification laws, the Department of Education would have had to release a press statement stating that “any information entered into the websites may have been compromised”, notifying anyone who’d used the sites of such.

As a by-product, anyone who may have filled in one of those forms could have started taking preventative measures. Talking to family about the sexual abuse, talking to counselors.

I honestly don’t think I can harp on about this ENOUGH. Australia needs to wake up and get with the program. We need better legislation regarding information system security policies and better policies regarding information breach notification.

Recent Posts