First State Super breached Privacy Act

The First State Super Trustee Corporation (FSS) has been found to have breached the Privacy Act after its systems were compromised in an incident in October 2011.

As reported by Risky Business at the time, OSI Security director and principal consultant Patrick Webster discovered that information held on FSS’ systems was vulnerable to snooping by other FSS customers. But after he reported the problem to the superannuation fund, FSS contacted NSW Police, who went to Webster’s residence and questioned him as a suspect in a hacking case.

While Webster was ultimately not charged, the vulnerability he uncovered was significant. The Privacy Commissioner opened an investigation into the matter and, in its report, found that the personal information that could be downloaded from FSS included member names and addresses, details of superannuation account transactions, account balances and members’ ages.

According to the report, FSS had conducted its own penetration testing prior to the incident, with its contractor Pillar Administration performing over 200 security tests, none of which revealed the flaw Webster would later point out. Because the scope of the testing was restricted to a small area of FSS’ activities, the vulnerability was missed entirely.

The Commissioner’s report also noted that Pillar’s website monitoring system had detected an anomaly before Webster notified FSS, so the fund should have been able to close the hole even if Webster had never come forward.

“In the Commissioner’s view, FSS would therefore have had the capacity to remedy this flaw in its system, even if it had not been advised of the vulnerability by [Webster]. However, because testing was limited, the vulnerability was not discovered until it had already been exploited,” the report read.

Because of FSS’ inaction prior to the incident, the report concludes that FSS breached National Privacy Principle 4.1, which “requires organisations to take ‘reasonable steps’ to protect the personal information they hold, from misuse and loss, and from unauthorised access, modification or disclosure”.

However, the steps FSS took after the incident, which included immediately containing it, conducting an internal investigation, reviewing its security and seeking external advice, led the Commissioner to close the investigation on the basis that “the response to this incident appears adequate in the circumstances”.

As for Webster, he appears to be clear of any perceived wrongdoing, with the report noting that “there is currently no ongoing legal action against [Webster] by either FSS or NSW police”.
