Story image

Tasmanian elector data breached via forms on Electoral Commission site

03 Jul 2018

Last week, the Tasmanian Electoral Commission was informed by Barcelona-based company Typeform that an unknown third party had gained access to one of their servers and downloaded certain information. 

Typeform online forms have been used on the TEC website since 2015 for some of its election services. The breach involved an unknown attacker downloading a backup file. 

The breach was identified by the company on June 27, 2018, with the vulnerability closed down within half an hour of detection.  

Typeform’s full investigation of the breach identified that data collected through 5 forms on the TEC website had been stolen.  Whilst some of the stolen elector data captured in some of these forms has already been made public, such as candidate statements for a local government by-election, it is believed that the breach also captured name, address, email and date of birth information provided by electors when applying for an express vote at the recent State and Legislative Council elections. The Electoral Commission will be contacting electors that used these services in the coming days to inform them of the breach. The Electoral Commission apologised for the breach and promised to re-evaluate its collection procedures and internal security elements around its storage of electoral information for future events. The breach has no connection to the national or state electoral roll.

Two weeks ago, a breach of online recruitment services organisation PageUp left personal data from the staff at the Australia Attorney-General’s Office exposed.

Malware was found on the company systems used to store private data, including banking details and personally identifying details.

Other employers that were using PageUp’s human resources software included Telstra, Medibank, Australia Post, and more. 

In a statement, PageUp says that while sensitive data was accessed, it “has advised that no employment contracts, applicant resumes, Australian tax file numbers, credit card information or bank account information were affected.”

“In other words, no Australian information may actually have been stolen.”

ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Managing data to comply with privacy regulations - Micro Focus
It’s crucial for organisations to be able to access, understand, and accurately classify the data they have so they know how to treat it.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.