The home affairs department for a data breach revealed the personal details of 774,000 migrants and people aspiring to migrate to Australia, including partial names and the outcome of applications.
With just two clicks, users of the app can view a range of fields including the applicants’ “ADUserID”, a unique identifier composed of partial name information and numbers.
Searches by Guardian Australia revealed the public database contained 774,326 unique ADUserIDs and 189,426 completed expressions of interest, searchable as far back as 2014.
Other information available includes the applicants’ birth country, age, qualifications, marital status, and the outcome of the applications.
TPRM report: https://scoringcyber.rankiteo.com/company/australian-department-of-home-affairs
"id": "aus2221291222",
"linkid": "australian-department-of-home-affairs",
"type": "Breach",
"date": "05/2020",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 774000,
'industry': 'Government',
'location': 'Australia',
'name': 'Home Affairs Department',
'type': 'Government Agency'}],
'attack_vector': 'Public Database Exposure',
'data_breach': {'number_of_records_exposed': 774326,
'personally_identifiable_information': ['Partial names',
'Birth country',
'Age',
'Qualifications',
'Marital status'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Details',
'Application Outcomes']},
'description': 'The home affairs department revealed the personal details of '
'774,000 migrants and people aspiring to migrate to Australia, '
'including partial names and the outcome of applications.',
'impact': {'data_compromised': ['Partial names',
'Application outcomes',
'ADUserID',
'Birth country',
'Age',
'Qualifications',
'Marital status']},
'references': [{'source': 'Guardian Australia'}],
'title': 'Data Breach in Australian Home Affairs Department',
'type': 'Data Breach',
'vulnerability_exploited': 'Improper Access Control'}