Debt Collection Specialists | Sydney | LCollect
Debt Collection Agency | LCollect

Debt Collection News


At LCollect we believe that knowledge is power. Every month our debt collection blog gives you practical tips, stories and news from around Australia and the world.

Christians Against Poverty Data Breach

Friday, August 12, 2016 - Posted by Michael McCulloch

We have today received correspondence from Christians Against Poverty ("CAP") advising of a data breach at the beginning of the month where some systems were compromised in their UK data centre.

In a message on their website Aimee Mai, CEO of CAPI Australia and New Zealand, said:

"On 1 August 2016 CAP UK identified some suspicious activity on the computer systems that are responsible for the development of CAP Australia's systems. This presents a potential security risk for those whose data is held by Christians Against Poverty.

Investigations show that some, but not all, of our systems were compromised last week. As soon as we identified this IT security experts were called in. They confirmed that although the servers and systems were well protected, we have fallen victim to a sophisticated, illegal, external attack.

Unfortunately, this means that details belonging to supporters and clients (both current and former) may have been accessed. These details could include full or partial names, addresses, email, phone numbers, and in some instances, bank account and credit card numbers. I’m really disappointed that this has happened, and we are taking immediate steps to address this issue.

We are in the process of contacting all affected people and have set up a web page to answer many common questions. We also have a dedicated email address and phone line for anyone with further queries or concerns".

We have confirmed that a page has been setup on their website here that answers some questions and provides an email address and contact number for those that may be concerned about their data.

What we have found alarming is that the correspondence sent to us was dated Tuesday, 9 August which is over a week since the breach was known and subsequent searches of media outlets across Australia has failed to locate any reference to the breach.

So what should you do if there is a breach of personal and / or sensitive information? The Office of the Australian Information Commissioner has some great information that you can download here.

Update 16/08/2016: On 2 occasions prior to the release of our August 2016 newsletter we have asked the OAIC for a response to the breach. This was done via email and social media and to date we have not received a response. We will update this blog post if / when a response is received.

Update 25/08/2016: We have now received a written response from OAIC which we have reproduced below:

Thank you for your email.

Data breach notifications are generally provided on a confidential basis and it is not standard practice for the OAIC to make a data breach notification public. The intention of the notification is for the OAIC to review the steps taken to contain, evaluate, notify affected individuals and prevent future breaches and to consider if they are appropriate in the circumstances.

For more information on how the OAIC expects an APP entity to respond to a data breach, please see our DBN Guide.

Recent Posts


Tags


Archive

Copyright © LCollect 2018 | All Rights Reserved | Licensed Mercantile Agent License #409661517 | ABN 44 089 892 688 |
Australian Credit Licence #430659
HomeSite Information | Privacy Policy