Officials fear that a larger part of the customers could be affected by the breach

Oct 19, 2011 11:33 GMT

The Federal Privacy Commissioner is planning an investigation into First State Super's failure to properly secure its customers' data.

Recently we learned about private security consultant Patrick Webster, who contacted the pension fund after noticing an unacceptable flaw in its security. Instead of praise and thank-yous, he received a visit from the local police to question him about his evil doings.

The whole incident seemed to fade away, but now the Federal Privacy Commissioner is displeased that only the 500 customers whose accounts were accessed during Webster's tests were notified, even though the weakness could have allowed anyone with keen observation skills to illegally obtain confidential data.

According to The Sydney Morning Herald, experts around the world agree that this is one of the most common security vulnerabilities found in web applications, but for a company of this size, responsible for 770,000 people, something like this should never happen.

The same experts also highly doubt the company's ability to verify that only the accounts Webster tested were in fact exposed.

"Any client where there was a potential for their data to be compromised should be advised," said acting NSW Privacy Commissioner John McAteer.

First State Super kept insisting that it was certain no other customer could be harmed as a result of the flaw, but after the Federal Privacy Commissioner, Timothy Pilgrim, mentioned the start of an investigation, it quickly acted to alert all its clients by posting a statement on the issue on its website.

“First State Super appreciates that the actions of the person involved have allowed us to address an undetected weakness in our online security. Subject to his compliance and cooperation in ensuring that the unauthorised statements he downloaded have been destroyed, we have no intention of taking any other action against him,” reads the end of its statement.

That's almost like saying “I'm sorry” and “Thank you” at the same time.