[LINK] SMH: Federal Commissioner and First State Super
Roger Clarke
Roger.Clarke at xamax.com.au
Thu Oct 20 08:47:22 AEDT 2011
Privacy boss to look at security breach
The Sydney Morning Herald
Thursday 20 October 2011
The Federal Privacy Commissioner, Timothy Pilgrim, is opening an
investigation into First State Super after a serious security breach
that may have left thousands of accounts exposed.
[As previously mentioned, previous federal PC'er 'investigations'
have been worse than useless.]
First State Super put a statement on its website yesterday that said:
"Only 568 member statements were viewed out of a total membership of
some 770,000. The members whose statements were viewed have been
notified".
[Nice spin that. But I can't find the actual statement anywhere, e.g.
http://www.firststatesuper.com.au/MediaCentre
and the search-function doesn't turn it up either.]
Aside: I've been feeling lonely, and I'm relieved to find that I'm
not the only person using the word 'negligence':
http://www.smh.com.au/it-pro/security-it/super-sloppy-first-state-customers-kept-in-the-dark-20111019-1m7g6.html#ixzz1bGYMwMC4
Plenty of computer security experts have rounded on First State, not
only for the heavy-handed way it treated Webster but also for failing
to detect such a glaring and easily exploited security flaw.
"Changing a number in a URL bar isn't even hacking ... anyone who
configures their systems to work that way is negligent," said Patrick
Gray, a specialist security journalist who first broke the First
State story on his podcast, Risky.biz.
[Long-]Acting NSW PC'er John McAteer has said some very useful things
about this and the previous, similar breach by Uni Sydney; but we
have to get PC'ers to move beyond the minor safeguard of data breach
notification legislation and get to the real business: criminal
offences and sanctions for serious instances of insecurity.
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University
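The flaw Gray describes above ("changing a number in a URL bar") is what application security people call an insecure direct object reference: the record is looked up by the identifier the client supplies, and nothing checks that the logged-in user is entitled to it. The following is an added example, written for this page and not taken from the post, the SMH article, or First State Super's systems (which are not public). The member numbers, statement ids and balances are constructed, and the function names are hypothetical. It shows the negligent handler beside a hardened one, simulates a member walking the id range, and includes the detection check a practitioner would want: a session touching many statement ids it does not own is an enumeration signal whether the requests succeed (the vulnerable case, where the "568 statements were viewed" figure comes from) or are refused.

```python
"""Insecure direct object reference (IDOR): vulnerable vs. hardened lookup,
plus a simple enumeration detector over the access log.

Added example. All member ids, statement ids and balances below are
constructed; the function names are hypothetical.
"""
from collections import defaultdict

# Constructed sample data: statement id -> (owner member id, statement text).
STATEMENTS = {
    5001: (100001, "Statement 5001: member 100001, balance $12,345.67"),
    5002: (100002, "Statement 5002: member 100002, balance $98,765.43"),
    5003: (100003, "Statement 5003: member 100003, balance $5,000.00"),
}


def get_statement_vulnerable(session_member, statement_id):
    """The pattern Gray calls negligent: the numeric id from the URL is the
    only lookup key, so any logged-in member can read any statement simply by
    editing the number. `session_member` is ignored."""
    entry = STATEMENTS.get(statement_id)
    if entry is None:
        return 404, "not found"
    return 200, entry[1]


def get_statement_hardened(session_member, statement_id):
    """Authorise against the server-side session: the record is served only if
    its owner is the logged-in member. A statement owned by someone else gets
    the same 404 as a non-existent id, so the response does not confirm which
    ids exist."""
    entry = STATEMENTS.get(statement_id)
    if entry is None or entry[0] != session_member:
        return 404, "not found"
    return 200, entry[1]


def simulate_url_walk(handler, session_member, statement_ids):
    """Model a member incrementing the id in the URL. Returns the access log
    as (member, statement_id, status) tuples and the bodies of other members'
    statements that came back with 200."""
    log, leaked = [], []
    for sid in statement_ids:
        status, body = handler(session_member, sid)
        log.append((session_member, sid, status))
        if status == 200 and STATEMENTS[sid][0] != session_member:
            leaked.append(body)
    return log, leaked


def enumeration_suspects(log, threshold=3):
    """Detection: sessions that requested more than `threshold` distinct
    statement ids they do not own (including ids that do not exist). This is
    why denied requests must be logged too: on the hardened handler the probe
    shows up as a run of 404s, and on the vulnerable one as a run of 200s."""
    foreign = defaultdict(set)
    for member, sid, _status in log:
        owner = STATEMENTS.get(sid, (None,))[0]
        if owner != member:
            foreign[member].add(sid)
    return sorted(m for m, ids in foreign.items() if len(ids) > threshold)


if __name__ == "__main__":
    ids = range(5000, 5006)  # member 100001 owns only 5001
    log, leaked = simulate_url_walk(get_statement_vulnerable, 100001, ids)
    print("vulnerable handler leaked", len(leaked), "foreign statements")
    print("flagged sessions:", enumeration_suspects(log))
    log, leaked = simulate_url_walk(get_statement_hardened, 100001, ids)
    print("hardened handler leaked", len(leaked), "foreign statements")
    print("flagged sessions:", enumeration_suspects(log))
```

The ownership check is the fix; the 404-for-both choice and the logging of refused requests are the two details that usually get skipped. Note that the detector flags the walking session in both runs, which is the difference between a fund that notices an enumeration while it is happening and one that has to count viewed statements afterwards.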