A resident of Moreton Bay, Australia was shocked to discover that the private information of several resident ratepayers in the region, including their friends and neighbors, had been accidentally published on the Moreton Bay council’s official website.
The leaked information included names, residential addresses, email addresses, and phone numbers, as well as resident complaints to the council and details about council investigations.
Data Breach Discovered By Local Resident
City of Moreton Bay resident Piper Lalonde, who works as a data analyst, had discovered the breach along with her husband. They were shocked to learn that their personal information was freely available on the council’s customer request online portal.
The couple had discovered that the information included their phone numbers, complaints, and requests that they had made for new bins, along with the GPS coordinates of where the requests had been filed. A further investigation into the breach had revealed that the personal information of some of their friends and neighbors who were fellow ratepayers were also available in the records after they conducted a search.
Piper reported this information to the council, with the website being taken down the next day. However, she was still unsatisfied with the lack of notification about the incident to impacted residents. Piper stated, “I would expect they’d have to send out some formal communication letting people know their information was publicly accessible, but there was no indication they were going to do that.”
She expressed concern about the possibility of people stumbling upon complaints made about them by other residents. She added, “If this gets in the wrong hands — it just takes one person to see a complaint about them, and who knows what they’ll do.”
City of Moreton Bay Responses to Data Breach
After Piper’s report, the website was said to be taken down. The site appears to be functional as of now, with some functions still limited. The website includes an official notice in response to the incident.
Source: moretonbay.qld.gov.au
We are experiencing system difficulties with our customer request portal. Our third-party provider is investigating a possible information breach. The cause is yet to be determined but there is no indication this is a cyber attack. We will never contact you via unsolicited calls to request sensitive information. No action is required from you at this stage. We will continue to keep you informed.
The notice appears to indicate that the breach stemmed from a third-party provider. The Cyber Express team has reached out to the Moreton Bay Council’s Privacy Officer for further information on the breach, however no response has been received as of publication time.
The potential scale of the data breach, as well as its impact on residents, is currently unknown. It is also unclear on how many individuals may have accessed the available data before the website had been temporarily taken down and subsequently limited.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Source: Read More