‘Clear danger’: Thousands exposed in public service data breach
Data breaches across dozens of state government departments have exposed thousands of Queenslanders, it can be revealed.
QLD Politics
Don't miss out on the headlines from QLD Politics. Followed categories will be added to My News.
Thousands of Queenslanders have had their personal information compromised by data breaches across dozens of public service departments, the state’s Office of the Information Commissioner has revealed.
And the outdated IT systems used by many public departments makes them susceptible to infiltration, with cyber experts warning that attacks were a “clear and present danger”.
It comes as the annual cyber threat report from the Australian Cyber and Security Centre separately revealed an online crime is being report every seven minutes nationally – with a disproportionate number coming from Queensland.
The OIC, in its latest annual report, confirmed there had been 40 instances of government agencies informing them of a data breach in 2021-22 – with most “one-off incidents caused by human error”.
But a spokesman also confirmed the number of victims per incident ranged from one to “several thousand”.
And the watchdog can only encourage but not compel the public sector to notify affected community members if there is a chance the breach could cause serious harm.
Queensland also does not have a mandatory data breach system akin to what is in place nationally, meaning data breaches are only known to the OIC when public entities volunteer information.
Work is under way, through the Department of Justice and Attorney-General, to reform the state’s information privacy framework – including whether a mandatory data breach notification scheme should be put in place.
The breadth of data breaches hitting the public sector comes amid a warning from the Queensland Audit Office this week that departments were at risk of cyber attacks due to the ongoing use of old and vulnerable technology.
Auditor-General Brendan Worrall, in the report, notes security weaknesses are being found in the legacy systems each year in a genuine risk.
Griffith University cybersecurity expert David Tuffley said the QAO was sounding the warning that cyber attacks were imminent.
“It’s not a matter of if, but when,” he said.
“It’s a pretty clear and present danger.”
The ACSC, which is part of the nation’s most secretive spy agency the Australian Signals Directorate, warned cyberspace had become a “battleground” of war in the wake of Russia’s invasion of Ukraine.
Even households are at risk, with up to 200,000 internet routers in Australian home offices and small businesses identified by the ACSC as “vulnerable to compromise, including by state actors”.
There were 76,000 cybercrime reports lodged in 2021-22 – a 13 per cent increase on the previous year.
Of these a disproportionate amount of reports came from Queensland (29 per cent) and Victoria (27 per cent), while NSW accounted for 22 per cent.
ACSC head Abigail Bradshaw said government agencies were increasingly partnering with the private sector to repel and prevent cyber attacks as the threats increased in sophistication and volume.
“Fraud is the most common cybercrime threat impacting Australians, with business email compromise increasingly used to target high-value transactions,” she said.
Greens MP’s refusal to fly Australian flag a ‘pure snub’, war heroes claim
Brisbane Greens MP Elizabeth Watson-Brown’s repudiation of the Australian flag has been slammed as a “pure snub” by a group of retired soldiers. VOTE IN OUR POLL
‘Spineless, no emotion’: Scathing review of Premier’s first 100 days
Everyday Qlders who were profiled in The Courier-Mail’s exclusive Voter Verdict survey for the election are back to give their raw and honest opinions on David Crisafulli’s first 100 days.