Data loss creates drama at AFP

It's hard to believe the nation's peak Internet crime fighting agency, the Australian High Tech Crime Centre (AHTCC) doesn't encrypt all files.

But according to media reports, banking details of thousands of Australians were exposed last year when an Australian Federal Police (AFP) agent lost information on a memory stick.

The device, with details of 3500 customers from 18 banks, was lost between Sydney and London and the AHTCC, whose members are drawn from the AFP, elected not to advise customers of the data breach.

SIFT Information Security Services principal consultant Nick Ellsmore said the use of USB drives isn't the main issue, but the real problem is lack of password protection and encryption.

"Using these devices is fine as long as data is encrypted, it is no different to encrypting e-mail," Ellsmore said, adding that the biggest problem with USB drives is information theft by employees.

The media report said the officer had broken several rules about transporting classified information.

"It is a classic example of how you can have all the standards and technology in the world; but it is of little use if policies are not followed by users," Ellsmore said.

Asked about procedures and the use of encryption, an AHTCC spokesperson said the agency was unable to comment immediately.

More details are expected to be made available by the AFP later today.

Only last week, there was a flurry of new data breaches disclosed including ING Financial Services, Union Pacific Corporation and the American International Group.

The latest disclosures bring to more than 190 the number of such incidents reported since the ChoicePoint breach in February 2005 according to a list maintained by the Privacy Rights Clearinghouse.

Join the newsletter!

Error: Please check your email address.

More about Australian Federal PoliceFederal PoliceING AustraliaUnion Pacific

Show Comments

Market Place