AusCERT Acknowledges Security Breach


The Australian Computer Emergency Response Team (AusCERT) recently admitted having lost a DVD containing the user names, e-mail addresses and passwords of 8,000 subscribers to the Australian government's Stay Smart Online Alert Service.

"The saga begins in 2008 when AusCERT, a non-profit organization that operates the country’s national computer emergency response team (CERT), received AUD$1.2 million to run Australia’s e-security alert service for home computer users and small and medium-sized businesses, part of the government’s Stay Smart Online initiative," Infosecurity reports.

"When its contract expired it sent all its subscribers' data on a DVD to the Department of Broadband, Communications and the Digital Economy (DBCDE) on 11 April," writes TechEye's Darren Pauli. "For reasons only it knows, it decided to send it snail mail and the post office promptly lost the package."

"The department alerted affected subscribers late last week but assured the passwords were 'unreadable' due to a cryptographic hash," writes iTnews' Darren Pauli. "However, neither AusCERT or the department were able to say what encryption hash was used to secure the records."

"The DBCDE claimed it had 'no reason to believe' that subscribers' information had 'been found and misused by any third party' and therefore did not believe that there was 'a privacy risk,'" writes The Sydney Morning Herald's Ben Grubb. "But it did not provide any evidence to support this claim, and suggested subscribers 'consider' whether they should change their 'user name, memorable phrase and/or password for other websites or services.'"