Wednesday 2 November 2016

Yet another example of why the Australian Government's desire for the ultimate big data pool of citizens' personal information is a bad idea


This time it was the Australian Red Cross releasing 1.28 million donor records, containing first name, last name, gender, physical address, email address, phone number, date of birth, blood type, previous blood donations, country of birth, when the record was created, type of donation, date of donation and donor eligibility answers including any sexually transmitted disease or drug use history.

This information was publicly available for viewing and download from 5 September to 26 October 2016.
           
IT News, 28 October 2016:

More than one million personal and medical records of Australian citizens donating blood to the Red Cross Blood Service have been exposed online in the country’s biggest and most damaging data breach to date.
A 1.74 GB file containing 1.28 million donor records going back to 2010, published to a publicly-facing website, was discovered by an anonymous source and sent to security expert and operator of haveibeenpwned.com Troy Hunt early on Tuesday morning.
The database was uncovered through a scan of IP address ranges configured to search for publicly exposed web servers that returned directory listings containing .sql files.
The contents of the 'mysqldump' database backup contains everything from personal details (name, gender, physical and email address, phone number, date of birth and occasionally blood type and country of birth) to sensitive medical information, like whether someone has engaged in at-risk sexual behaviour in the last year.
The database collected information submitted when an individual books an appointment - either on paper or online - to donate blood. The process requires donors to enter their personal details and fill out an eligibility questionnaire.
It does not contain data on blood reports or analyses, or responses to the full donor questionnaire all blood bank visitors are required to fill out at the time of their donation.
The database was published on the webserver of a Red Cross Blood Service technology partner that maintains the service's website, not the organisation’s www.donate.blood.com.au site where online bookings are made.
"This is a seriously egregious cock-up - this should never happen," Hunt told iTnews.
"There are no good reasons to put database backups on a publicly-facing website." The issue was compounded by the fact that directory browsing was enabled on the server, he said.
The file was removed on Wednesday. Hunt said there was no evidence of it having been accessed by anyone else, and both he and the anonymous source had deleted their copies.
Australia’s computer emergency response team, AusCERT, has been working with the Red Cross after being notified of the breach by Hunt on Tuesday.
The Red Cross indicated around 550,000 individual donors were impacted.
It attributed the issue to "human error" and said it was "deeply disappointed" to be in this position.
The service has started notifying affected donors today.

The Australian, 29 October 2016:
The Red Cross admitted it did not know how many people had accessed the information, which was publicly available from September 5 until Wednesday.
The breach was revealed by an unknown person who alerted Microsoft employee Troy Hunt, who runs a data breach notification service. Mr Hunt reported the breach to cyber-threat group AusCert, which in turn alerted the Red Cross.
The incident is being investigated by the Australian Federal Police, the Department of Health and the Australian Privacy Commission.
Red Cross Blood Service chief executive Shelly Park yesterday urged people to continue donating blood, saying information was now secure. “To our knowledge, all known copies of the data have been deleted. However, investigations are continuing,” Ms Park said.
But Mr Hunt said there was no guarantee the information had been completely erased, adding the breach was the latest illustration of how basic mistakes are key contributors to personal data being accessed by others.
“There was nothing new in how this data was accessed, this was just plain, old stupidity,” he said. “The real question this raises is should this data have been retained in the first place and why a third party needed the information at all.”
According to breachlevelindex.com in the first half of 2016 the Asia Pacific Region experienced 76 significant data breaches, 22 of which were in Australia.
Earlier this year: a Menulog breach exposed 1.1 million records containing customer names, addresses, order histories and phone numbers [the exact quote in the CIO Australia article linked to here was "suffered from a breach of 1.1 million records leaving customer names, addresses, order histories and phone numbers exposed". The Ideas Suite public relations agency acting on behalf of Menulog contacted North Coast Voices and would prefer to characterize this breach as "A former Menulog employee stumbled upon the private details of the company's customers, including customer names and email addresses". It is noted that the journalist quoted does not appear to have been asked by this agency to amend the original 21 September 2016 CIO Australia article as it remains as first published]; 67,118 Shadi.com customer records were dumped after a malicious hack; recruitment agency Sarina Russo exposed client financial records which were dumped in a bin next to the office; disability information on nearly 7,000 current/former Sydney University students was exposed; customer account details on The Sydney Morning Herald and The Age digital editions, the Do Not Call Register and industry group CompTIA were also breached.

Also in 2016: the Australian Bureau of Statistics released contact names linked to more than 5,000 Queensland businesses in what was described as a “human error”; the Health Department was forced to remove data from its website amid an investigation into whether personal information had been compromised; and the Australian Public Service Commission confirmed it had withdrawn data gathered in its massive annual employee census from public view – but not before the data set containing the details of 96,700 federal public servants had been accessed by unknown persons 58 times. The Queensland Dept. of Premier and Cabinet and Dept. of Tourism were also maliciously hacked - along with the Maitland office of the NSW Dept. of Resources and Energy.

In the 2015-16 financial year Victoria Police had 453 "information security incidents", up 36 per cent on the year before, with 27 incidents of police officers inappropriately accessing computer systems (including the Law Enforcement Assistance Program LEAP) and 40 instances of police data released without authorisation.


In 2015 K-Mart Australia’s online shopper database was hacked. Payroll systems were breached, harvesting extensive personal details (including names, addresses, dates of birth, tax file numbers, bank account details, gross earnings and superannuation funds and membership numbers) of up to 500 workers a day, and the information was used to lodge fraudulent tax returns with the Australian Taxation Office.

Additionally in 2015 Telstra customers’ admin and user credentials were stolen - including those of the Australian Federal Police. Similarly, the Patagonia Clothing Company, Aussie Farmers, David Jones and Queensland TAFE experienced data breaches where personal information was hacked, and 31,140 Optus customers had their personal and credit history information publicly posted on the website freelancer.com by the debt collection agency ARC Mercantile.

In 2014 Centrelink left revealing personal and financial details of clients lying around at a suburban railway station and the Department of Immigration and Border Protection unlawfully disclosed the personal information of approximately 9,250 asylum seekers by publishing a Word document on a public page of the department’s website.

An estimated 800 million records were lost in 2014, mainly through cyber-attacks, and such attacks are thought to cost large Australian enterprises an average of $8.3 million a year.

With this unhealthy mix of ongoing institutional incompetence and determined malicious hacking risking the privacy of so much personal information, is it any wonder that concerned individuals look on the Turnbull Government’s drive to create a national database - which it will continuously update with additional medical, legal, financial, social and family information on each person born and/or residing in this country – as a gigantic honey hive ripe for the robbing?

Oh, and in case social media users are feeling comfortable about their own privacy on major online platforms – in June 2016 the Facebook application known as Uiggy was hacked and 4.3 million accounts were exposed along with names, genders, and Facebook IDs (2.7 million of which had email addresses against them) and on 27 October 2016 there was a Pastebin dump of 32 million Twitter accounts along with an invitation to use the details to hack further.

"I don't know who the dickhead is that thought up this incredible, brilliant idea; it's just a total waste of taxpayers' money" - Warren Mundine


Having read the following media release last Thursday I feel sympathy for Warren Mundine’s obvious sense of frustration at the announcement of yet another ‘make busy’ inquiry into the criminal justice system and indigenous incarceration.

It was only in March last year that the Senate Finance and Public Administration Committees began an Inquiry into Aboriginal and Torres Strait Islander Experiences of Law Enforcement and Justice Services, which received fifty-one submissions and held hearings in Perth, Sydney and Canberra.

The final report was due on 25 August 2016, however as Prime Minister Malcolm Turnbull pulled the plug on all current parliamentary inquiries on 9 May 2016 by calling a double dissolution federal election, time spent, taxpayers’ money and the efforts of concerned parties have come to naught.

Rather like most of the recommendations of previously completed state and federal inquiries into the Aboriginal experience of Australian society and its institutions.

UNCLASSIFIED
SENATOR THE HON GEORGE BRANDIS QC
ATTORNEY-GENERAL
LEADER OF THE GOVERNMENT IN THE SENATE

SENATOR THE HON NIGEL SCULLION
MINISTER FOR INDIGENOUS AFFAIRS

JOINT MEDIA RELEASE

ALRC inquiry into incarceration rate of Indigenous Australians

Today we announce that the Turnbull Government will ask the Australian Law Reform Commission (ALRC) to examine the factors leading to the over representation of Indigenous Australians in our prison system, and consider what reforms to the law could ameliorate this national tragedy.
It has been 25 years since the final report of the landmark Royal Commission into Aboriginal Deaths in Custody, but Indigenous Australians are still overrepresented in Australia’s prisons. In 1991, Indigenous Australians made up 14 per cent of our nation’s prison population; by 2015, this had increased to 27 per cent.

Other worrying statistics include the fact that Indigenous children and teenagers are 24 times more likely to be incarcerated than their non-Indigenous peers, while Indigenous women are 30 times more likely to be incarcerated.

The ALRC’s inquiry is a critical step for breaking through these disturbing trends. The terms of reference will be subject to consultation, particularly with Indigenous Australians, state and territory governments who have primary responsibility for our criminal justice frameworks, as well as the broader legal profession.

The Turnbull Government is committed to reducing Indigenous incarceration and has committed $256 million in 2016-17 through the Indigenous Advancement Strategy for activities to address the drivers and improve community safety.

27 October 2016

Tuesday 1 November 2016

Please tell me how Family First Senator Bob Day has the gall to remain in the Australian Senate after announcing his resignation



s44. Any person who:
(i) is under any acknowledgment of allegiance, obedience, or adherence to a foreign power, or is a subject or a citizen or entitled to the rights or privileges of a subject or a citizen of a foreign power; or
(ii) is attainted of treason, or has been convicted and is under sentence, or subject to be sentenced, for any offence punishable under the law of the Commonwealth or of a State by imprisonment for one year or longer; or
(iii) is an undischarged bankrupt or insolvent; or
(iv) holds any office of profit under the Crown, or any pension payable during the pleasure of the Crown out of any of the revenues of the Commonwealth; or
(v) has any direct or indirect pecuniary interest in any agreement with the Public Service of the Commonwealth otherwise than as a member and in common with the other members of an incorporated company consisting of more than twenty-five persons;
shall be incapable of being chosen or of sitting as a senator or a member of the House of Representatives.

s45. If a senator or member of the House of Representatives:
1. becomes subject to any of the disabilities mentioned in the last preceding section; or
2. takes the benefit, whether by assignment, composition, or otherwise, of any law relating to bankrupt or insolvent debtors; or
3. directly or indirectly takes or agrees to take any fee or honorarium for services rendered to the Commonwealth, or for services rendered in the Parliament to any person or State;
his place shall thereupon become vacant.

Make no mistake, the following represents the insolvent liquidation of companies owned by Family First Senator Bob Day and family (with Bob Day as sole director) and foreshadows personal insolvency. There are 207 houses still under construction with building work halted, an unspecified number of employees with no guarantee of full payment of wages/superannuation/holiday pay owed, and an unknown number of business creditors who will presumably meet with the liquidator in November 2016.

The Australian, 18 October 2016:

Senator Day said Home Australia and its subsidiaries in South Australia, Western Australia, Victoria and New South Wales would be liquidated by McGrathNicol.

“As I have always agreed to sign personal guarantees to creditors, this closure also has serious implications for me and my family,” he said.

“Creditor liabilities greatly exceed our assets so we will also lose our family home.
“As for my role as a Senator, I will of course resign.”

Smart Company, 18 October 2016:

Matthew Caddy and Barry Kogan of McGrathNicol have been appointed as liquidators of parent company Home Australia Pty Ltd, as well as seven wholly owned subsidiaries: Homestead Homes Pty Ltd, Collier Homes Pty Ltd, Newstart Homes (SE QLD) Pty Ltd, Ashford Homes Pty Ltd, Huxley Homes Pty Ltd, Nationwide Australian Investments Pty Ltd, and Smart Road Property Rentals Pty Ltd.

Construction on all homes being built by Home Australia has ceased and the liquidators said in a statement on Monday their “immediate objective is to work constructively with relevant insurers and customers in an effort to facilitate the orderly recommencement of construction of uncompleted homes by alternative builders”.

McGrathNicol is also accepting expressions of interest from potential buyers for the entire Home Australia business or individual parts.

The Guardian, 27 October 2016:

Family First senator Bob Day’s collapsed house building empire owes a total of $37.8m, according to their liquidator.

A spokesman for liquidator McGrathNicol told Guardian Australia on Thursday that the seven companies owe unsecured creditors a total of $19.6m.

The figure dwarfs initial estimates that unsecured creditors were owed $12.5m.

The companies owe a total of $18.2m in secured debt, of which National Australia Bank is owed $17.5m. Those debts will take priority over the unsecured creditors.


Australian Securities and Investments Commission (ASIC) 26 October 2016:
Name: HUXLEY HOMES PTY LTD
ACN: 106 443 216
ABN:
Registration date: 24/09/2003
Next review date: 24/09/2017
Status: External Administration
Type: Australian Proprietary Company, Limited By Shares
Locality of registered office: TEA TREE GULLY SA 5091
Regulator: Australian Securities & Investments Commission
17/10/2016 7E8438321 (505J) Notification of Appointment of Liquidator (Creditors' Voluntary Winding Up)




Unfortunately for parliamentary democracy, Senator Day appears to have now rethought his statement of 17 October that he was resigning from the Senate and now intends to stay indefinitely as his announcement was apparently only one of future intent.

Wellington Times, 24 October 2016:

……Senator Day issued a short statement.
"I refer Fairfax to my statement last Monday expressing an intention to resign as a result of my family company's problems," he said.
One Adelaide-based expert in receivership and company administration said it was unlikely Senator Day's companies could be wound up quickly and suggested a possible bankruptcy was at least six months away.
Parliament will return on November 7 for three final sitting weeks of the year, with the Senate expected to vote on the two bills used to trigger the July 2 double dissolution election.
Senator Day's vote will be crucial as the government seeks nine out of 11 crossbenchers to support the legislation. If he is not present for the votes, he would seek a pair with Labor.

UPDATE

ABC News, 1 November 2016, 12:37pm:

Family First senator Bob Day has tendered his resignation, effective immediately.

Pressure had been mounting on the now-former senator to resign as his construction company crumbled.

World Economic Forum "Global Gender Gap Report 2016" - Australia


In 2016 the World Economic Forum ranked Australia in the top tier when it came to educational attainment – with females having an equal literacy rate, comparable rates to males when it came to primary and secondary school enrolments, and a much higher rate of enrolment in tertiary education.

Yet this year Australia ranks 46th out of 144 nations on the Global Gender Gap Index. In 2006 this country managed 15th place out of 115.

In terms of ranking for economic participation and opportunity Australia was placed 42nd.

However, in terms of wage equality for similar work (equal wage), Australia, which is classified as high-income, now ranks 60th, and it ranks 57th on estimated earned income, with females on average earning an estimated 37 per cent less per annum than males.

In overall ranking the countries which do better than Australia are, from 1 through to 45: Iceland, Finland, Norway, Sweden, Rwanda, Ireland, Philippines, Slovenia, New Zealand, Nicaragua, Switzerland, Burundi, Germany, Namibia, South Africa, Netherlands, France, Latvia, Denmark, United Kingdom, Mozambique, Estonia, Bolivia, Belgium, Lithuania, Moldova, Cuba, Barbados, Spain, Belarus, Portugal, Costa Rica, Argentina, Luxembourg, Canada, Cape Verde, Bahamas, Poland, Colombia, Ecuador, Bulgaria, Jamaica, Lao PDR, Trinidad and Tobago & the United States.

When it comes to the number of women with seats in parliament or holding ministerial positions, Australia ranks 50th and 75th respectively.

At this rate Australian women will reach full economic and political parity with men in about 200 years.