Beau Donelly reports:
A government authority has leaked the billing and contact details of Victorians online, but decided against telling affected customers even though the privacy breach posed a “medium to high” level threat.
The undisclosed state authority responsible for the breach notified Privacy Victoria about problems affecting its online payment system after discovering the personal information of some customers could be seen by other users.
According to the Victorian Privacy Commissioner’s annual report, tabled in state parliament on Thursday, the exposed details included customers’ full names, home addresses and amounts owing on bills.
The state government and the Privacy Commissioner’s office would not say which statutory authority was involved. Deputy Privacy Commissioner, Helen Lewin, said less than 50 customers had been affected by the breach and that the incident did not involve the release of credit card details.
Read more on The Age.
When you have to be TOLD to notify consumers, you’re doing breach response wrong, unnamed authority.