The personal records of almost 50,000 Australians working at several
government agencies and companies were left unsecured by a third-party
contractor in one of the country’s worst data breaches, according to a
report Thursday by iTnews.
Backup
databases of employee records including names, passwords, salaries and
some credit card numbers were accessible after the contractor
misconfigured an Amazon.com Inc. cloud storage product, according to the report. About 25,000 records from AMP Ltd., 17,000 records at Cimic Group Ltd. subsidiary UGL Ltd., 1,500 records at Rabobank and 4,770 records across Australian government departments were left vulnerable.
The
issue was spotted by a Polish security researcher, who alerted
authorities last month, according to the report, which said it was the
country’s second-largest breach after details of 550,000 blood donors were leaked last year.
The Department of Prime Minister and Cabinet, which
oversees a national cyber-security center set up in 2013 to support
businesses, didn’t immediately reply to a request for comment. No
customer data was affected and the “mistake” was quickly corrected, AMP
said in a statement. Rabobank said it was investigating the situation
and was unable to comment further. Cimic declined to comment.
Australia has experienced several high profile hacks or data breaches in the past couple of years. Almost 30 gigabytes of commercially sensitive information related to Australian naval vessels and warplanes was reportedly stolen
from a local defense contractor in July 2016. The nation’s weather
bureau was reportedly hacked in 2015.
