Dfat inadvertently revealed the email addresses of almost 3,000 vulnerable Australians stranded overseas in a data breach.
The addresses were included in an email sent to multiple recipients before midday by the Covid-19 consular operations section of Dfat.
The addressees were mistakenly listed in the ‘to’ field, rather than ‘bcc’, making them visible to other recipients.
No other personal information of any recipient was disclosed.
TPRM report: https://scoringcyber.rankiteo.com/company/dfat
"id": "dfa222219123",
"linkid": "dfat",
"type": "Data Leak",
"date": "09/2020",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': '3,000',
'industry': 'Public Service',
'location': 'Australia',
'name': 'DFAT',
'type': 'Government Agency'}],
'attack_vector': 'Email Misconfiguration',
'data_breach': {'number_of_records_exposed': '3,000',
'sensitivity_of_data': 'Low',
'type_of_data_compromised': ['Email Addresses']},
'description': 'DFAT inadvertently revealed the email addresses of almost '
'3,000 vulnerable Australians stranded overseas in a data '
'breach. The addresses were included in an email sent to '
'multiple recipients before midday by the Covid-19 consular '
'operations section of Dfat. The addressees were mistakenly '
"listed in the 'to' field, rather than 'bcc', making them "
'visible to other recipients. No other personal information of '
'any recipient was disclosed.',
'impact': {'data_compromised': ['Email Addresses']},
'title': 'DFAT Email Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Email Misconfiguration'}