Australian crime busters busted for privacy breach

When I posed some questions last week about the reasons why data security didn't seem to be a headline issue in Australia, in contrast to the US, how was I to know we were about to have a spate of reports about lost, stolen or carelessly discarded data?

Since then we've posted reported breaches involving Australia Post, the Queensland Government and the Tax Office. The latest is this report "Cop bungle exposes bank files" - the Australian High Tech Crime Centre, the body involved in investigating online frauds, lost a memory stick containing the banking details of 3500 customers when an officer lost the classified information while travelling to London to brief overseas police forces.

Two-thirds of the bank customers had their name, post code and banking institution recorded on the memory stick. The rest had their bank accounts and bank branch numbers as well.

The memory stick was not protected by a password or encryption and the information stored could be accessed by plugging it into a computer.

This occurred in April last year and has only come to light today. The Centre persuaded the banks involved not to inform the customers involved as they didn't want to draw the bad guys attention to the fact the information was 'out there'.

All this points up the need for better standards and a requirement that those potentially affected by a data security breach be informed when information that lends itself to ID theft and fraud is lost, stolen or inadvertently disclosed.