
Centrelink apologises for new privacy breach

Centrelink has apologised to hundreds of users of the myGov web portal after their contact details were shared with hundreds of strangers – twice.

The latest federal government data breach is being blamed on a rookie email error: someone at the giant Department of Human Services hitting the CC button on an email instead of the BCC button.

There has been another tech fail from the people behind myGov.

When the department realised it had disclosed the email contact details of hundreds of its customers on October 24, it tried to recall the email containing the information, but only succeeded in sending it again.

Despite the blunder, Human Services' service delivery boss Darren Box insists that myGov is the best way for millions of Australians to manage their dealings with the federal government.

Mr Box says that no myGov passwords or other potentially compromising material was disclosed by the blunder.

The email addresses that were made public belonged to clients who had been locked out of their account, a frequent occurrence, and asked for replacement passwords.


One user from regional NSW, who did not wish to be identified, told Fairfax she was astonished to find eight pages of email addresses attached to what should have been a routine email from Human Services and to realise her own contact details had been shared.

"Privacy? Sent by their IT department," the woman told Fairfax.

"The mind boggles.

"Just another mess from this department supposedly there to assist people."

On the day after the leak, Mr Box wrote to hundreds of myGov customers apologising for the "administrative error".

"As a result of an administrative error, your email address was unintentionally sent using the Carbon Copy (CC) rather than the Blind Copy (BCC) function in an email to a number of other individuals who had also requested to create a new myGov account," Mr Box wrote.

"This meant that your email address was unintentionally disclosed to the other individuals to whom the email was sent.

"In an attempt to recall this email, regrettably, your email address was disclosed to these same recipients a second time. 

"I sincerely apologise for any distress that may have been caused as a result of this incident. 

"Please know that your myGov and linked member service information remains secure and has not been impacted by this administrative error.

"The department takes its privacy obligations very seriously and is implementing steps to ensure this does not happen again."
