[AusCERT] Digital disaster as online security firm loses personal data in the mail


Ben Grubb


A FEDERAL government contractor that was paid more than $1 million to deliver e-security alert services to Australians has lost 8000 subscribers' personal information in the postal system.

AusCERT, which was paid $1,199,484.52 to run staysmartonline.gov.au between April 29, 2008 and April 29, 2012, lost subscribers' data after using Australia Post to send it on a DVD to the Department of Broadband, Communications and the Digital Economy (DBCDE) on April 11 when its contract to run the alerts service expired.

In an email to the site's 8000 subscribers sent about 6pm on Friday, the ''Stay Smart Online Team'' said information that had ''gone missing'' included subscribers' user names, email addresses, memorable phrases and passwords. It said passwords were ''unreadable'' (stored as a cryptographic hash).

main page ATTRITION feedback