While they’re not calling it a ‘breach’, the SA government lost the personal details of a million home owners.
The South Australian Government has been forced to shut down guest access to its online land titles registry after an unidentified overseas “guest user” was able to download the personal details of more than a million Australian home owners.
The state’s Integrated Land Information System (SALIS) provided anyone free access to a range of personal data including the identity of property owners, the mortgage details of properties as well as their historical ownership.
It also provided details of property transfers and other information that could potentially be used to develop a false identity.
Not a “breach”
While the site has now been shut down, there is nothing the government can do about the mass downloading of details because the actions were taken legally – and can therefore not be considered a data breach.
A government spokesperson has said it never intended to make such a broad range of details so easily accessible, leading to accusations of government irresponsibility and incompetence.
Who wants the information and why?
The spokesperson claims not to be aware why anyone would want the details, but cyber security experts make clear that such extensive details can be used as a basis to develop fake identity documents or otherwise commit cyber fraud.
The government has nevertheless gone on the defensive, stating “no access to data has been provided other than that which is legally available under legislation.”
It has also assured property owners that it is now working on a long-term solution that will better secure the data and enable “appropriate access”.
Data abuse, scams and data matching
There are specific concerns the information may be used for mortgage scams, or to otherwise match the data with that available elsewhere – which is called “data matching” – to easily develop identity documents.
Cyber experts make clear that the value of data to cyber criminals increases with its extensiveness, and that the free provision of this amount and kind of data in one place is a honeypot for criminals.
Australians becoming concerned
Earlier this year, the former head of ASIO warned top government officials that Australia is not in a position to deal with cyber-crime and threats to online security, after a massive influx in cyber-attacks in recent years.
Much of the problem has to do with the fact that Australia lacks a co-ordinated national approach to online security, and sensitive data is held across various state and government networks. Another issue is we currently lack a dedicated organisation which can work with other international agencies to catch cyber-criminals who are based overseas.
In 2017, Prime Minister Malcolm Turnbull announced a $230 million cyber-security strategy, but experts say funding is not the only problem – Australia’s wealth combined with our shortage of experts in this highly-specialised area make us an extremely attractive target.