Aussie Privacy expert loses private data in the post

An Aussie government contractor which was paid over $1 million to deliver e-security alert services to Australians lost 8,000 subscribers’ personal information in the post.

AusCERT won the contract to run staysmartonline.gov.au between April 29 2008 and April 29 2012. When its contract expired it sent all its subscribers’ data on a DVD to the Department of Broadband, Communications and the Digital Economy (DBCDE) on 11 April. For reasons only it knows, it decided to send it snail mail and the post office promptly lost the package.

According to the Sydney Morning Herald, in an email to the site’s 8,000 subscribers, the “Stay Smart Online Team” said information that had “gone missing” on the DVD included subscribers’ user names, email addresses, memorable phrases and passwords.  

It said that the passwords were “unreadable” and it had “no reason to believe” that subscribers’ information had “been found and misused by any third party”.

However Stay Smart Online suggested that subscribers “consider” whether they should change their “user name, memorable phrase and/or password for other websites or services”.

It is not clear if the package was sent registered post. But you have to wonder why the data was not sent electronically. AusCERT refused to comment, saying media enquiries were being handled by the DBCDE. While they might be smarter online they certainly were rubbish when they came to using the post. Australia Post insists that the DVD was not sent registered mail.