Australia Data Breach Exposes 50,000 Employee Records: iTnews

(Bloomberg) -- The personal records of almost 50,000 Australians working at several government agencies and companies were left unsecured by a third-party contractor in one of the country’s worst data breaches, according to a report Thursday by iTnews.

Backup databases of employee records including names, passwords, salaries and some credit card numbers were accessible after the contractor misconfigured an Amazon.com Inc. cloud storage product, according to the report. About 25,000 records from AMP Ltd., 17,000 records at Cimic Group Ltd. subsidiary UGL Ltd., 1,500 records at Rabobank and 4,770 records across Australian government departments were left vulnerable.

The issue was spotted by a Polish security researcher, who alerted authorities last month, according to the report, which said it was the country’s second-largest breach after details of 550,000 blood donors were leaked last year.

The Department of Prime Minister and Cabinet, which oversees a national cyber-security center set up in 2013 to support businesses, didn’t immediately reply to a request for comment. No customer data was affected and the “mistake” was quickly corrected, AMP said in a statement. Rabobank said it was investigating the situation and was unable to comment further. Cimic declined to comment.

Australia has experienced several high profile hacks or data breaches in the past couple of years. Almost 30 gigabytes of commercially sensitive information related to Australian naval vessels and warplanes was reportedly stolen from a local defense contractor in July 2016. The nation’s weather bureau was reportedly hacked in 2015.

To contact the reporter on this story: Matthew Burgess in Sydney at mburgess46@bloomberg.net.

To contact the editors responsible for this story: Edward Johnson at ejohnson28@bloomberg.net, Peter Vercoe

©2017 Bloomberg L.P.