Exploit: Unsecured database
Home Affairs: National government agency regulating homeland security and immigration
Risk to Small Business: 2.157 = Severe
An unsecured database exposed the information for hundreds of thousands of users who uploaded their information to a department form for skilled workers looking to migrate to Australia. The breach compromised peoples’ personally identifiable information for an at-risk population. The breach is especially untimely because the Australian government is asking people to trust its cybersecurity and data privacy acumen by downloading a COVID-19 tracing app that relies on peoples’ sensitive personal data. It’s a reminder that brand reputation and cybersecurity are inextricably linked, and companies that care about the former will prioritize the latter.
Individual Risk: 2.285 = Severe
The exposed database included users’ partial names, ADUserIDs, age, country of birth, marital status, and desired application outcomes. It applies to applicants as far back as 2014, and it could be used to execute additional cybercrimes or instances of fraud. Those impacted by the breach should carefully scrutinize incoming messages while also being aware that their data could quickly spread on the Dark Web where cybercriminals use that information for a variety of malicious purposes.
Customers Impacted: 774,326
How it Could Affect Your Customers’ Business:This week, the Australian government is asking citizens to download the CovidSafe app, a contact tracing app that can help deter the spread of the novel Coronavirus. Unfortunately, as we detail at the end of the newsletter, consumers are increasingly unwilling to work with platforms that can’t protect data. In this case, preserving consumer trust may be an actual matter of life or death, and, for many organizations, their survival in today’s digital landscape is likely predicated on their ability to protect their data