‘Asleep at the Wheel’: Senator Decries Labor Over Data Leaks, Warns of Million-Dollar Losses

Hume’s remarks come in response to revelations of mishandled information, raising concerns about the government’s ability to safeguard sensitive data.
‘Asleep at the Wheel’: Senator Decries Labor Over Data Leaks, Warns of Million-Dollar Losses
Shadow Finance Minister Jane Hume during a doorstop in the media gallery at Parliament House in Canberra, Australia, on March 18, 2021. Sam Mooy/Getty Images
Isabella Rayner
Updated:
0:00

Shadow Finance Minister Jane Hume strongly criticised Labor’s response to recent data leaks, accusing the finance minister of being “asleep at the wheel” while taxpayers faced potential million-dollar losses.

The Department of Finance launched an investigation after an accidental email leak to suppliers exposed sensitive contract information and personal details of hundreds of service providers.

The mistaken email, sent recently to 236 suppliers, contained a spreadsheet with confidential tender prices and personal data from up to 400 service providers, echoing a similar Department of Health breach in November last year.

“Finance Minister Katy Gallagher should explain why she didn’t put more effort into resolving the damage caused by the same breaches of privacy and commercially sensitive information when it happened only three months ago, and to prevent it from happening again,” Ms. Hume said.

“Instead, we got bland assurances that it wouldn’t. Now we see that she was still asleep at the wheel,” she said.

She expressed concern that Ms. Gallagher’s “lack of interest in her job” could result in lawsuits from affected parties.

“Companies and individuals impacted by this gross incompetence may exercise their rights against the Commonwealth, potentially costing taxpayers millions,” she said.

She urged Ms. Gallagher to clarify how hundreds of businesses had their privacy breached months after the November breach.

In November, a department officer mistakenly uploaded confidential pricing information from hundreds of firms to the wrong section of AusTender, The Australian Financial Review revealed.

The information was then included in a request for quotes from government departments, potentially reaching 22 service providers.

The providers were required to commit to confidentiality and were monitored to ensure they didn’t use the information for a competitive edge.

“Companies impacted [in the latest incident] need more than an apology from the Department, and clearly no assurance that this problem won’t be repeated will suffice,” Ms. Hume said.

“This isn’t just a one-off, this is now a track record of incompetence.”

Labor: Confidential Information Disclosure ‘Regrettable’

The finance department said it discovered the mishandled email on Feb. 19, five days after it happened.
“On 14-15 February 2024, the Department of Finance, as contract managers for the Management Advisory Services Panel, emailed 236 suppliers with details of their updated pricing. The email included embedded information with some third-party confidential information,” it said in a statement.

“Please note that no third-party confidential information would have been accessed or viewed by a person who simply opened the email or its attachments.”

Finance called all 236 suppliers to request the deletion of the email and its attachments, followed by a subsequent email asking for written confirmation of the deletion.

Additionally, it informed all suppliers on the Management Advisory Services Panel—the federal government’s central hub for buying management, policy, technical, and legal advice—about the issue and the actions taken so far.

While Ms. Gallagher is attending a G20 meeting in Brazil, Finance Department Secretary Jenny Wilkinson announced that former Commonwealth Ombudsman Michael Manthorpe would lead a review into the leak.

“The review will consider the circumstances that led to the unauthorised disclosure of the information, as well as the department’s systems and processes,” Finance said.

Additionally, it apologised for the “oversight.”

“The potential disclosure of this third-party confidential information is regrettable.”

Accenture, Boston Consulting Group, Deloitte, KPMG, and Minter Ellison were among the big firms to have information leaked.

Health and Finance Sectors Lead Breach Reports in 2023

The Office of the Australian Information Commissioner (OAIC) revealed the health and finance sectors reported the highest number of breaches in the six months leading to December 2023, with 104 and 49 incidents, respectively.

About 12 breaches in the government were malicious or criminal, while 26 resulted from human error.

Of the 26 human error breaches, 13 involved sending personal information to the wrong person, 11 resulted from unauthorised disclosure of personal information, and two concerned the loss of paperwork or a data storage device.

Additionally, the government accounted for the largest proportion (55 percent) of notifications made to the OAIC more than 30 days after the agency became aware of the incident.

“These statistics suggest Australian government agencies should check they have effective systems for detecting, assessing, responding to, and notifying data breaches. Such systems are fundamental to an agency’s ability to meet the Notifiable Data Breaches (NDB) scheme’s requirements,” OAIC said.

Australian Information Commissioner Angelene Falk said the scheme—which mandates any organisation or agency under the Privacy Act 1988 to inform affected people and the OAIC about data breaches likely to cause serious harm to their personal information—is now well established, and organisations are expected to comply.

“If a data breach does occur, organisations should put the individual at the front and centre of their response, ensuring they are promptly told so their risk of harm can be minimised,” she said.
Isabella Rayner
Isabella Rayner
Author
Isabella Rayner is a reporter based in Melbourne, Australia. She is an author and editor for WellBeing, WILD, and EatWell Magazines.
Related Topics