Author Topic: eevBLAB #52 - My Personal Data STOLEN from the Government!  (Read 11840 times)


Offline EEVblog (Topic starter)

  • Administrator
  • *****
  • Posts: 37661
  • Country: au
    • EEVblog
eevBLAB #52 - My Personal Data STOLEN from the Government!
« on: September 19, 2018, 12:55:53 am »
All my personal data was STOLEN from the Western Australian Government's Perth Mint thanks to a third party data breach.
Obvious serious identity theft implications for customers as a result.


 
The following users thanked this post: SeanB, WN1X

Offline WN1X

  • Supporter
  • ****
  • Posts: 79
  • Country: us
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #1 on: September 19, 2018, 01:02:19 am »
So how are they going to help you out if/when someone actually uses the stolen info to steal your identity and mess up your life for many years to come? Sounds like a nasty lawsuit in the works.
- Jim
 

Offline Muttley Snickers

  • Supporter
  • ****
  • Posts: 2333
  • Country: au
  • Cursed: 679 times
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #2 on: September 19, 2018, 01:11:12 am »
How do we even know you are the real Dave? You could have somehow used his private information to access his login and password details, leaving all of us at the mercy of some unscrupulous fiend whose agenda is to cause mayhem and havoc about the place.   :o ::) 
 

Offline ttelectronic

  • Contributor
  • Posts: 43
  • Country: ca
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #3 on: September 19, 2018, 01:50:52 am »
A few things bother me and it's the same anywhere. Why the F does anyone get away with not answering a single question, and why the hell aren't journalists asking the questions? This bullshit about security and not mentioning where the data was stolen from. It's OUR data, yet they won't even let us know who should be held accountable. WTF.....  :horse:
 

Online TERRA Operative

  • Super Contributor
  • ***
  • Posts: 2871
  • Country: jp
  • Voider of warranties
    • Near Far Media Youtube
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #4 on: September 19, 2018, 02:10:15 am »
Quote from: Muttley Snickers
...leaving all of us at the mercy of some unscrupulous fiend whose agenda is to cause mayhem and havoc about the place.   :o ::) 

So, business as usual then? :D  :-DD
Where does all this test equipment keep coming from?!?

https://www.youtube.com/NearFarMedia/
 

Offline Scottjd

  • Frequent Contributor
  • **
  • Posts: 436
  • Country: us
    • YouTube Gadget Reviews
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #5 on: September 19, 2018, 04:30:55 am »
No point in trying anymore. Oh, my info was stolen so I get 1 year of free credit monitoring. Like the hackers won’t hold onto the info for 5 years before selling it or using it, really? Then again I had 6 years of free credit monitoring because at one point 6 different companies were compromised one year after another. At this point just give up...unless you change the info used for verifying who you are like buying a different car, moving to another house, changing all credit cards then in 5 years the info would be outed to be used for creating ID theft.. Since banks ask about what car you recently bought, the balance estimate on a credit card (I don’t keep balances so that’s pointless) and current and past addresses for verification then you will need to change all of these things every time your info is stolen, that’s not possible to do every year. Then let’s make it easier for them by making the home you bought public information, that needs to stop also. I give up at this point. It would be easier for me to create a new ID fake identity and start over than to try and prevent ID theft with how many times my information has been stolen. It’s not the question of if it will happen anymore, but when it will happen these days.
And others on social media just give away info for free making it even easier, wow.

Interesting fact, if the data compromised is encrypted then some companies don’t even need to let you know your information was stolen. So for every time you’re notified, 5 other companies probably didn’t tell you. With how fast computers are getting with cluster networked systems it will only take a few years to break some encryptions. Or maybe the encryption is already compromised also, but you don’t know about it so you don’t know what encryption was even used.
Then you have some governments (US) requiring companies to follow certain regulations to protect customer information, and they turn around and let the IRS server get hacked that is NOT encrypted a decade after they made other companies encrypt their data. Can we say two faced?
Please be sure to check out my YouTube channel and subscribe if you like the videos. https://www.youtube.com/c/GadgetReviewVideos

By people subscribing and giving thumbs up I know what I am doing is still wanted and adding value, then will continue to release new videos. Thank you for your support.
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16272
  • Country: za
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #6 on: September 19, 2018, 05:07:23 am »
Give a hint as to the "third party", nobody ever got fired for using them. Now your info was in a database that was viewable by anybody with the right credentials. Password was "Password" and this was on a post it note on the notice board of an outsourced company, in the public lobby...... So the staff of the day could "Do the Needful".
 

Offline Chupacabras

  • Regular Contributor
  • *
  • Posts: 64
  • Country: sk
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #7 on: September 19, 2018, 07:01:39 am »
Good news is:
1) they discovered the breach
2) they notified the public

Yes, they made many "mistakes", but I bet there are many other organizations and many breaches they didn't even notice.
 

Offline EEVblog (Topic starter)

  • Administrator
  • *****
  • Posts: 37661
  • Country: au
    • EEVblog
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #8 on: September 19, 2018, 08:04:03 am »
LOL! Comments disabled!

 

Offline Decoman

  • Regular Contributor
  • *
  • Posts: 161
  • Country: no
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #9 on: September 19, 2018, 09:58:26 am »
I am reminded of something I vaguely remember having read about in my local news, many years ago. Something about how a record with the personal numbers (11 digit number afaik) of every citizen in Norway, was lost on a CD that was displaced, and presumed lost in a public place. I don't think I am remembering this wrong, but it's been so long and I don't have any copy of this.

Presumably, and I am speculating, it is all too easy for me to assume that, one way to circumvent local laws regarding privacy and data protection, is to simply circumvent the presumably very narrow legal language and white washing the illegal sharing of such data, by simply handing it over to other countries' governments. Something similar could be done for monitoring traffic, in simply routing local data traffic over another country, thus allowing country B to monitor the local traffic in country A. Sweden is known for having laws that warrant internet traffic monitoring. "FRA" law iirc, or maybe it's just a military institution, unsure. And I think I've learned that the internet doesn't have data sent over the shortest connection based on geography, data might really go places before ending up at its final destination.

Btw, speaking of money, I remember a couple of times, I had made a small donation (some 10 usd) with my Visa card, and then the bank froze my bank account, which seems like an overreaction. I interpreted it as an act of intimidation simply because of who the money was supposed to go to (nothing criminal or violent or bad), and the bank said they did it because they didn't know who the money went to (money went to a foundation). I suppose I should be glad if my bank puts a stop to mysterious bank transactions, but it seems to me that it is about control, more than providing security. Presumably, banks can/will be held accountable should money go places where other people don't want it to go, I guess that is sort of ok (if fraud is involved), but I don't know, I basically want to decide for myself where my money goes.

I like donating money on the internet, because if everybody chips in, things get done. However, I am also conscious that this activity might as well be considered very limited, as it won't solve the world's poverty problems (not my donation activity anyway I would think, as I have limited money anyway), and also that I am not willing to donate too much either. Either way, I don't donate to feel better about myself, but to well help out when I feel it is ok.
« Last Edit: September 19, 2018, 10:23:34 am by Decoman »
 

Offline Raj

  • Frequent Contributor
  • **
  • Posts: 689
  • Country: in
  • Self taught, experimenter, noob(ish)
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #11 on: September 19, 2018, 12:51:16 pm »
You haven't seen the worst yet.
Aadhaar system in India is way worse. After all, you can't replace your eyes and fingerprints. F#($) Governments. |O
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 7694
  • Country: de
  • A qualified hobbyist ;)
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #12 on: September 19, 2018, 12:54:10 pm »
As a victim of one official data breach (LinkedIn) I've experienced only more SPAM and additional verification measures when logging in on some shopping websites from time to time. The latter is caused by some crooks trying to use the data from the breach for free shopping. This is one of the reasons you should have a dedicated password for each account/login. It also tells me that the password was stored in clear text or only secured by a poor hashing algorithm.

There are also unofficial data breaches, mostly when an employee copies customer data for some extra income. I had a subscription to an electronics magazine. One day I received a newsletter from a Dutch audio magazine which is owned by the same publisher. I asked them to remove me from their list and they told me that someone had ticked the wrong box. No drama, things like this happen. But after that some shady marketer started to send me Dutch SPAM and still does. Luckily most of the SPAM is rejected by my MTAs (I run my own mail servers), so it doesn't bother me much. This looks like some employee is selling customer data, doesn't it?
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 6877
  • Country: ca
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #13 on: September 19, 2018, 01:05:36 pm »
Article on Amazon employees making extra cash selling insider information including customer email addresses

https://www.theverge.com/2018/9/16/17867358/amazon-investigation-employee-seller-bribery-internal-data-deleting-negative-reviews
Facebook-free life and Rigol-free shack.
 

Offline HeywoodFloyd

  • Contributor
  • Posts: 13
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #14 on: September 19, 2018, 01:09:49 pm »
Any idea if the identity theft monitoring is worth the risk/effort/cost?
My data was stolen in the recent British Airways data breach. BA offered me monitoring for 1yr but I note the monitoring company asks for way more information than BA had, and their privacy policy says they share it with third parties and keep it for six years after my account closes. Having monitoring may be a greater risk than not having it  :-//
 

Offline NivagSwerdna

  • Super Contributor
  • ***
  • Posts: 2495
  • Country: gb
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #15 on: September 19, 2018, 01:23:04 pm »
Quote from: HeywoodFloyd
...I note the monitoring company asks for way more information than BA had, and their privacy policy says they share it with third parties and keep it for six years after my account closes. Having monitoring may be a greater risk than not having it  :-//

I noticed that too... I think I was offered Garlik after a breach but I notice that Garlik is really Experian... funny it keeps asking me for my bank and credit card details...  |O
 
The following users thanked this post: HeywoodFloyd

Offline madires

  • Super Contributor
  • ***
  • Posts: 7694
  • Country: de
  • A qualified hobbyist ;)
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #16 on: September 19, 2018, 01:52:32 pm »
Identity theft monitoring is just a placebo to keep the victims calm. It doesn't help when a bank turns up suddenly and asks you to pay for a credit you never signed, or when a debt collection service demands the money for some expensive toys you never ordered. Those are typical cases of identity theft, and you would have to hire a lawyer to deal with them. I wouldn't accept any cheap monitoring service, I'd demand that the company pays my lawyer for dealing with the real problems and some compensation for the stress and time wasted.
 
The following users thanked this post: SeanB

Offline vodka

  • Frequent Contributor
  • **
  • Posts: 518
  • Country: es
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #17 on: September 19, 2018, 06:12:47 pm »
Quote from: Decoman
I am reminded of something I vaguely remember having read about in my local news, many years ago. Something about how a record with the personal numbers (11 digit number afaik) of every citizen in Norway, was lost on a CD that was displaced, and presumed lost in a public place. I don't think I am remembering this wrong, but it's been so long and I don't have any copy of this.

Presumably, and I am speculating, it is all too easy for me to assume that, one way to circumvent local laws regarding privacy and data protection, is to simply circumvent the presumably very narrow legal language and white washing the illegal sharing of such data, by simply handing it over to other countries' governments. Something similar could be done for monitoring traffic, in simply routing local data traffic over another country, thus allowing country B to monitor the local traffic in country A. Sweden is known for having laws that warrant internet traffic monitoring. "FRA" law iirc, or maybe it's just a military institution, unsure. And I think I've learned that the internet doesn't have data sent over the shortest connection based on geography, data might really go places before ending up at its final destination.

Btw, speaking of money, I remember a couple of times, I had made a small donation (some 10 usd) with my Visa card, and then the bank froze my bank account, which seems like an overreaction. I interpreted it as an act of intimidation simply because of who the money was supposed to go to (nothing criminal or violent or bad), and the bank said they did it because they didn't know who the money went to (money went to a foundation). I suppose I should be glad if my bank puts a stop to mysterious bank transactions, but it seems to me that it is about control, more than providing security. Presumably, banks can/will be held accountable should money go places where other people don't want it to go, I guess that is sort of ok (if fraud is involved), but I don't know, I basically want to decide for myself where my money goes.

I like donating money on the internet, because if everybody chips in, things get done. However, I am also conscious that this activity might as well be considered very limited, as it won't solve the world's poverty problems (not my donation activity anyway I would think, as I have limited money anyway), and also that I am not willing to donate too much either. Either way, I don't donate to feel better about myself, but to well help out when I feel it is ok.


Our case is quite a bit worse: it is our own government, specifically the "Generalitat" of Catalonia, who stole our private data for holding an illegal referendum.

https://youtu.be/ud-MCpHjTtw

Here is the transcription:
Quote
Santiago Vidal, judge and Spanish Senator of ERC explaining the State Coup

<They mounted 19 chiringuitos with our money>

At the moment, there are 31 actuation ambits, 19 expert teams working under the coordination of the ex-vice-president of the Supreme Court, Mr Carlos Viver Pi Sunyer, and there are 141 specific measures.

We have the ambits of Healthcare, Education, Media, Railway Structures, Roads.

<Obfuscated and with our money>

But there is also a budget line of almost 400M€, I didn't tell you which epigraph in particular, it is in the budgets because duly camouflaged, destined for the release of the referendum and absolutely prepared

the 19 structures of state. We already have all the software, that cost a lot of money.

<Violating our privacy right>

At the moment, the government of the "Generalitat" of Catalonia has all the tax information. And this serves for the electoral census. And this serves for many things and other things.

Everybody is controlled. All. (1:20)


<Violating the law>

Is this legal? Of course not. Because this is protected by the Spanish law of database protection.
I don't tell you how we have achieved it, because we have achieved it in an absolutely illegal form. And a judge can't talk about how things are done illegally.



<They want to force us to give them our own money>

A day will arrive, next year, when you will receive a letter at your home. A letter signed by the "Generalitat" Government that will say to you:

"I report to you that the next tax finishes ... and we remind you of your duty to pay (because the law of our own Treasury will already have been adopted, for paying to the Generalitat Treasury Department)"

When a Catalonian, such as Mr. Bonet de Freixenet, for example, goes to the bank and says: "I come to pay the VAT tax, corporation tax, and income tax, but epps, I am very Spanish.
This money, above all, goes to the Spanish Treasury".

The employee who is behind the check-in counter has to respond to him: See, I am sorry but the system doesn't allow me.

<They want to exhaust us>

Will you pay more? Surely yes, in the new Catalonia. You will pay more taxes. In the new state, anybody will escape.

<They are supremacists>

Entrance, when we finish being born as a state, we pass to be the 14, by the way, Spain goes to the 21, I suppose that you know. At the moment that we get out, clearly, they are going to 21.

Pass to be the number 14 to be the number 8. You don't negate me that it makes illusion. Because the intention is to be the Norway or Denmark of the South.

<They take us for idiots>

The big corporations in infrastructures, above all German and French ones, will begin to invest millions and millions of euros

Catalonia will reduce the unemployment from 14.6-14.7% to 11.3%,

If in the month of June-July we go to Baix Llobregat, and everybody are (there are many undecided: "oh, it's that my pension, I don't know what.."), you say to them: "Listen" (on paper).

You will receive... How much do you receive now? 641?

You will receive 1,000.

<Plotting with other countries versus us>

And these numbers have been validated, and this we couldn't tell you until recently, by 3 international organisms.

The first international organism: Deutsche Bank. There is a state that is not European, and therefore over it Spain cannot apply any control, besides, the bilateral relations aren't especially good,

that they have told us that they will act for us as bank.

At this moment, I can tell you that we have the word pledge from the 31 states

<Making the list of the good and the bad>

At this moment, we already have perfectly delimited, through very exhaustive field work, how many of these 801 judges will go to their state, and that means:

Treasury Inspectors, attorneys. We know with names and surnames who will stay and who will get out.

We will give them a term - they are roughly 300 - we will give them a term of 3 months for choosing if they want to stay or get out.

And in the case of those who want to stay, they will have to pass the filters: First filter, they will have to accredit, at a minimum, a C level of Catalan language

Second filter: They will have to have a favorable report, we still haven't put the exact title, but there will be an Evaluation Commission.
                     We can't have people who will stay here like 5th Columnists.

<They are above the law>

When they send all their rulings suspending all this, and this will arrive between April/May of next year, we will no longer acknowledge the Spanish Constitutional Court.

All this that we will do, is it in agreement with Spanish legality? No, and I believe that it is not necessary to explain the motive.

<And this nightmare does not end>

Even if we lose the referendum, if we lose it, we will repeat it

We know perfectly who shares the dreams and ideals of the majority, I imagine, of us who are in the room.

We know perfectly, for your tranquility, which person, absolutely trained at the juridical level, honest, hard-working, will occupy the place of each one of these civil servants who will get out.

<Prepared ideological purges>

For these civil servants who want to stay in the new state, while it may appear redundant, the first requirement is a firm and serious pledge to the values, principles and legality of the new state.

 

Offline bitwelder

  • Frequent Contributor
  • **
  • Posts: 964
  • Country: fi
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #18 on: September 19, 2018, 07:46:17 pm »
"Perth Mint did not identify the third-party IT provider that hosted the breached database. But over the past couple of years, the mint has sought to revamp its IT infrastructure, which involved moving from in-house ICT support to a managed service, CRN reported in March 2017.

After a tendering process, the mint selected Silverfern IT of Perth."
https://www.bankinfosecurity.com/perth-mint-says-3200-customers-affected-by-data-breach-a-11521
 

Offline firewalker

  • Super Contributor
  • ***
  • Posts: 2450
  • Country: gr
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #19 on: September 19, 2018, 08:01:24 pm »
Can you twist their arm with a court order or similar to answer your really valid questions?

Alexander.
Become a realist, stay a dreamer.

 

Offline thm_w

  • Super Contributor
  • ***
  • Posts: 6272
  • Country: ca
  • Non-expert
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #20 on: September 19, 2018, 08:18:07 pm »
Seems there is some physical hacking going on too!

http://www.abc.net.au/news/2018-08-03/man-hid-stolen-perth-mint-gold-coins-in-computer-hard-drive/10070998

Interesting because that happened in 2016 when the database is supposedly from: "Joseph Charles Viola, 29, pleaded guilty in the District Court to six charges of stealing the items, worth a total of $55,000 and including a limited edition Kimberley sunrise coin, between February and April 2016."

But that doesn't match up with the other information given, so probably was not him.
Profile -> Modify profile -> Look and Layout ->  Don't show users' signatures
 

Offline HeywoodFloyd

  • Contributor
  • Posts: 13
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #21 on: September 20, 2018, 08:28:28 am »
Quote from: madires
I wouldn't accept any cheap monitoring service, I'd demand that the company pays my lawyer for dealing with the real problems and some compensation for the stress and time wasted.

:clap:
Mind you, you'd need to know which one of your data leaks led to that particular identity theft.
You probably have an account with credit rating agencies that you don't even know about... https://www.bbc.co.uk/news/uk-england-essex-45574163
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5629
  • Country: au
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #22 on: September 20, 2018, 10:09:18 am »
Quote from: firewalker
Can you twist their arm with a court order or similar to answer your really valid questions?

There's really no point and it's certainly not worth the time, effort and expense of going to court. The best we (the public) can do is refer the matter to the Office of the Australian Information Commissioner. If they determine that the Privacy Act has been breached, they can take action against the entity. But it appears that there is nothing compelling the organisation to answer Dave's questions, as fair as those questions may be.
 

Offline NiHaoMike

  • Super Contributor
  • ***
  • Posts: 8972
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: eevBLAB #52 - My Personal Data STOLEN from the Government!
« Reply #23 on: September 21, 2018, 04:07:33 am »
Those in the US probably remember the infamous Equifax hacking incident...

Quote from: Decoman
Btw, speaking of money, I remember a couple of times, I had made a small donation (some 10 usd) with my Visa card, and then the bank froze my bank account, which seems like an overreaction. I interpreted it as an act of intimidation simply because of who the money was supposed to go to (nothing criminal or violent or bad), and the bank said they did it because they didn't know who the money went to (money went to a foundation). I suppose I should be glad if my bank puts a stop to mysterious bank transactions, but it seems to me that it is about control, more than providing security. Presumably, banks can/will be held accountable should money go places where other people don't want it to go, I guess that is sort of ok (if fraud is involved), but I don't know, I basically want to decide for myself where my money goes.

I like donating money on the internet, because if everybody chips in, things get done. However, I am also conscious that this activity might as well be considered very limited, as it won't solve the world's poverty problems (not my donation activity anyway I would think, as I have limited money anyway), and also that I am not willing to donate too much either. Either way, I don't donate to feel better about myself, but to well help out when I feel it is ok.

I use cryptocurrency for that - maintains my desire to keep "regular money" and "hobby money" separate where practical and it's a lot more fun to build and run a machine that "generates money". Well, more like "collect the transaction fees from other users in exchange for getting their transactions into the blockchain", especially for coins like Swagbucks that recently halved the block reward. (There seem to be lots of clueless users who waste their time on the surveys only to have a significant percentage of their little profit going to the miners, but that helps to keep the mining profits high...) Some of the exchanges don't ask for very much personal information so there's not much to leak in the first place.

That is not to say that cryptocurrency is completely immune to leaking personal data - one time Perk ramped up asking for ID in order to use the exchange services, which was likely a factor in its crash... (I just moved on to mining other coins like many others did and never gave them any personal information.)
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline (*steve*)

  • Regular Contributor
  • *
  • Posts: 50
EEVBLAB 52 - My personal data stolen from the government
« Reply #24 on: September 22, 2018, 03:08:24 am »
I'm employed in an area within the WA Govt which is very aware of data breaches.  It's not the Mint (but I won't say more).

One thing you need to be aware of is that WA Government agencies are not covered under the Privacy Act (1988) (the Act).  This is because of (1) the definition of who is covered by the  Act, and (2) because WA has *NO* privacy legislation.  Off the top of my head, I'm not sure if the WA Mint falls under one of the categories which are covered, but they well may not be...  This is something you can check by a call to the Office of the Australian Information Commissioner (OAIC) (email foi@oaic.gov.au) 1300 363 992.

The report by the mint to the OAIC may be a courtesy rather than a requirement.  If it is, the OAIC can't force them to follow the law they're not acting under...

If they are covered by the Act, your best recourse is a complaint to the OAIC because complaints by individuals *can* be handled under the Act.

HOWEVER, if you take the time to read the Act (and yes, I'm someone who has) there are plenty of outs for organisations if they deem your issue falls into the "too hard" basket or (as they've said) would result in a further breach.

If the breach has been reported ONLY by the Mint, then the third party is probably a party that isn't covered by the Act.  This could be a WA State Govt agency (but you can bet they would have been thrown under the bus) or they are situated outside Australia.  The latter would be my best bet.

Given the date of the breach vs the currency of the data, my bet is that the breach occurred in a test system populated with old production data. 

The definition of an eligible data breach in the Act (Section 26WF, pp185-186) requires that there is both "unauthorised access to, or unauthorised disclosure of, the information", AND "a reasonable person would conclude that the access or disclosure WOULD [my emphasis] result in serious harm[...]".  Given that, you can draw some conclusions about whether the disclosure was contained (I would guess it wasn't, because containment would mitigate the risk) and regardless of whether there is "no threat to any account holdings at The Perth Mint", there IS a real risk of "serious harm".  Personally, I would go beyond "real risk". 

Whilst I wouldn't go this far, some have suggested that the Act is designed to shield Australian organisations (not people) from harm resulting from data breaches.  Some evidence in this regard is that one type of organisation exempted from the Act is "political parties".

The OAIC can hold hearings and has some power to compel witnesses, so if you want to have a bit of fun you could agitate to have the OAIC investigate.  Beware that they can also require you to attend and answer questions under oath.  This is not my idea of fun.
« Last Edit: September 22, 2018, 03:41:56 am by (*steve*) »
 

