14 DAY TRIAL // The Australian Competition and Consumer Commission (ACCC) is notifying subscribers that their email addresses have been inadvertently made available online. The data could be misused, so the Information Commissioner has been notified of the incident.
The data breach came to light on April 11, 2014, but it’s uncertain for how long the information had been accessible. Consumers are being notified of the incident via email.
The subscribers of four websites are affected. The list of impacted sites includes Recalls Australia, Product Safety Australia, SCAMwatch and ACCC Public Registers.
The ACCC highlights the fact that the information hasn’t been indexed by search engines or linked from any webpage on the impacted websites. Instead, only someone with the ULR could have accessed the email addresses.
“The ACCC resolved this issue as soon as it became of aware of it,” the emails, signed by the ACCC’s Chief Information Officer Adrian Walkden, read.
“As you have subscribed to an alert on one of the affected websites, we are informing you that your email address may have been publicly available from our website if an intentional attempt was made to access it,” Walkden added.
“We sincerely apologise to you and any other affected users. The ACCC takes the issue of privacy, including any breaches, very seriously. We are currently investigating how this issue occurred and have reported the breach to the Office of Australian Information Commissioner.”
The organization warns that scammers might leverage the incident in an effort to trick users into handing over personal or financial information by sending out emails that appear to come from the ACCC.
“If you have any doubts about an email's source, verify the sender by independent means - use their official contact details to check the email is legitimate before clicking on links or opening attachments,” the ACCC’s notifications read.
Users who have any questions are advised to call the ACCC Infocentre at 1300 302 502. While email addresses are not as valuable to cybercriminals as credit card data or passwords, this piece of information can be leveraged to obtain the more sensitive details. If an attacker knows his target’s email address, and knows that he/she is a customer of a certain service, social engineering tactics become more efficient.
Government agencies should really be more careful with how they handle consumers’ information. This time, it was only some email addresses, but next time, it could be something even more sensitive.