A data breach in the Home Affairs Department of the Australian Government has affected 774,326 individuals whose personal information was stored in the Department’s Skillselect database. The platform allows people from all over the world to connect with the Australian Home Affairs Department to express interest in moving to Australia.
So, what exactly was leaked? Everything from the applicant’s names to user IDs and the full information disclosed on the prospective migrant’s applications. Much more personal details such as marital status, age and country of birth and residence were also found to have been leaked, with details of applicants dating back to 2014.
The discovery of the data breach was made by Guardian Australia, who was able to reveal the number of users that were affected and the specifics of the breach.
The breach could not have happened at a worse time, as the attack happened without the Australian government’s knowledge at the very time they were asking Australian citizens to voluntarily sign up to the government created app CovidSafe for the purpose of tracking down those in contact with infected coronavirus patients.
The uncertainty surrounding the cyber security failure in a government app raises many questions about whether Australians can truly trust the government to safeguard their personal data or not. Although it often happens that a simple failure to update the app is enough to cause malware into your device.
Once Guardian Australia notified the Home Affairs Department about the data breach, the Skillselect website was set to “undergoing maintenance” and taken offline temporarily to deal with the security issue.
However, although the Home Affairs Department acted promptly once it was notified, it is problematic that it wasn’t the department itself who identified the breach.
The exposure of thousands of migrants’ personal information is a another blow for the Australian government, as they have “consistently upheld a poor track record that shows that we cannot trust them with our personal information,” said Monique Mann from the Australian Privacy Foundation regarding the migrant data breach.
Mann also went on to express her opinion about the data breach as “absolutely ludicrous” given the fact it was the Guardian and not the Home Affairs Department who had made the discovery.
This is an unfortunate example of how easily it is for a cyber criminal to gain access to private data without even being perceived as an existing threat by a source.
It will now be up to the Home Affairs Department and other government departments to come up with a stronger cyber security strategy that will ensure the privacy of Australians and Australian migrants alike.
A biggest task is yet to come: to recover the lost trust of Australian residents and citizens so that they may be able to once again feel free to give their personal information.