500,000 Addresses Leaked From Australian State Government Database

500,000 Addresses Leaked From Australian State Government Database
A QR code is seen at the entrance of a restaurant in Sydney's CBD, Australia, on July 13, 2021. Jenny Evans/Getty Images
Daniel Y. Teng
Updated:

Over half a million addresses collected by New South Wales (NSW) as part of its COVID-19 safety program were leaked last year, according to data obtained by 9News.

The 566,318 addresses included the details of businesses, organisations, and government departments who were registering as COVIDSafe with the NSW Department of Customer Service.

Less than one percent of those addresses—around 428—were considered sensitive, according to the department, including the location of a defence site, missile maintenance unit, domestic violence shelters, prisons, and critical infrastructure like power stations and tunnel sites.

The dataset was discovered on a government website by a technology specialist, Skeeve Stevens in September 2021 who alerted cyber experts, who in turn, told the NSW government.

“If the wrong people got hold of this it could’ve been used for bad things,” Stevens said in comments obtained by 9News.

“Some of the scary things we were searching—firearms, armoury, federal police, and where storage locations were—perhaps someone should’ve thought about what should and shouldn’t have been disclosed.”

NSW Customer Service Minister Victor Dominello has also been criticised for not immediately alerting the state premier, according to a state budget estimates hearing on March 7.

While he was updated twice about the matter in September, Dominello said he did not tell the premier because it was being resolved by the privacy commissioner.

“The agency did the right thing, it reported up to the privacy commissioner, they notified the relevant stakeholders and then contacted all those affected to the satisfaction of the privacy commissioner and the matter was resolved at that point,” he told the hearing.

“I definitely didn’t (tell the premier). And ultimately, the buck stops with me.”

The committee also heard that 428 sensitive locations were made public.

Concerns have plagued the safety of data collected by government contact tracing and COVID Safe systems.

In June 2021, West Australian and Queensland police were found to have accessed contact tracing data to aid in ongoing investigations. While police in Victoria tried on three occasions to access data but were blocked by the state’s health department.

Yet, it was later revealed that data collected under the Victorian government’s system could be accessible to third parties such as police, government agencies, or the public health service in “life or death” situations.

“I want to be very, very clear that that is a very, very narrow base that’s provided for in the legislation, that is only there for those extreme circumstances,” Victoria’s then-Acting Premier Jacinta Allan told reporters on Dec. 29.

The Australia Institute’s Centre for Responsible Technology called on state governments to “regain the public’s trust” to ensure privacy rights were not whittled away by the widening use of technology in COVID-19 compliance measures.
Daniel Y. Teng
Daniel Y. Teng
Writer
Daniel Y. Teng is based in Brisbane, Australia. He focuses on national affairs including federal politics, COVID-19 response, and Australia-China relations. Got a tip? Contact him at [email protected].
twitter
Related Topics