Your Taxes at Work

This is simply unbelievable:
A federal government contractor that was paid more than $1 million to deliver e-security alert services to Australians has lost 8000 subscribers' personal information in the postal system.

AusCERT, which was paid $1,199,484.52 by the federal government to run between April 29 2008 and April 29 2012*, lost subscribers' data after using Australia Post to send it on a DVD to the Department of Broadband, Communications and the Digital Economy (DBCDE) on April 11 when its contract to run the alerts service expired.

In an email to the site's 8000 subscribers sent at about 6pm on Friday, the "Stay Smart Online Team" said information that had "gone missing" on the DVD included subscribers' user names, email addresses, memorable phrases and passwords. It said passwords were "unreadable" (stored as a cryptographic hash).

The DBCDE claimed it had "no reason to believe" that subscribers' information had "been found and misused by any third party" and therefore did not believe that there was "a privacy risk".
But it did not provide any evidence to support this claim, and suggested subscribers "consider" whether they should change their "user name, memorable phrase and/or password for other websites or services".


Australia Post, however, said the disc containing subscriber's personal information sent by AusCERT to the DBCDE was not posted using registered post, which it recommended using for sending sensitive information...

More great decision making from the Department that wants to censor the internet and is responsible for bringing in the NBN...

(h/t Catallaxy)

Join ATA on Social Media:

Share our message of less taxes,
regulation and wasteful spending