Story image

Tasmanian elector data breached via forms on Electoral Commission site

03 Jul 18

Last week, the Tasmanian Electoral Commission was informed by Barcelona-based company Typeform that an unknown third party had gained access to one of their servers and downloaded certain information. 

Typeform online forms have been used on the TEC website since 2015 for some of its election services.

The breach involved an unknown attacker downloading a backup file. 

The breach was identified by the company on June 27, 2018, with the vulnerability closed down within half an hour of detection.  

Typeform’s full investigation of the breach identified that data collected through 5 forms on the TEC website had been stolen. 

Whilst some of the stolen elector data captured in some of these forms has already been made public, such as candidate statements for a local government by-election, it is believed that the breach also captured name, address, email and date of birth information provided by electors when applying for an express vote at the recent State and Legislative Council elections.

The Electoral Commission will be contacting electors that used these services in the coming days to inform them of the breach.

The Electoral Commission apologised for the breach and promised to re-evaluate its collection procedures and internal security elements around its storage of electoral information for future events.

The breach has no connection to the national or state electoral roll.

Two weeks ago, a breach of online recruitment services organisation PageUp left personal data from the staff at the Australia Attorney-General’s Office exposed.

Malware was found on the company systems used to store private data, including banking details and personally identifying details.

Other employers that were using PageUp’s human resources software included Telstra, Medibank, Australia Post, and more. 

In a statement, PageUp says that while sensitive data was accessed, it “has advised that no employment contracts, applicant resumes, Australian tax file numbers, credit card information or bank account information were affected.”

“In other words, no Australian information may actually have been stolen.”

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Cohesity signs new reseller and cloud service provider in Australia
NEXION Networks has been appointed as an authorised reseller of Cohesity’s range of solutions for secondary data.
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
NVIDIA sets records with their enterprise AI
The new MLPerf benchmark suite measures a wide range of deep learning workloads, aiming to serve as the industry’s first objective AI benchmark suite.
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.