Australia Post in online privacy breach (updated)

Natasha Bita reports:

Another Australia Post computer glitch has exposed the names and locations of thousands of Australians who have been sent parcels.

Australia Post was forced to shut down its electronic parcel tracking service yesterday, after an angry customer blew the whistle on the privacy and security breach.

Customers who typed a random number into the online parcel tracking system were provided with the details of thousands of customers. The bungle came barely a fortnight after Australia Post was forced to suspend its “click and send” service – used for online shopping – after the names and addresses of customers were exposed by manipulating the website’s URL.

Read more on Herald Sun. How much did they investigate their security after their first breach – or more importantly – before the first? It sounds like their site was inadequately secured from the git-go and this all could have been avoided.

Update: News.com.au provides additional details:

The names, addresses, businesses, email addresses, landline and mobile numbers of Australia Post recipients are being exposed by simply manipulating the website URL.

 Claire Connelly’s report indicates that this was Australia Post’s third security incident in four weeks.

About the author: Dissent

Comments are closed.