FOIREQ19/00173 002
initiated a review of the ongoing contract with Telco Management, which has
identified further safeguards to prevent reoccurrence of this issue.
I note from Mr Stefanic’s letter that DPS’s review of the incident is ongoing. I would be
grateful if DPS would provide the OAIC with a copy of the review and any recommendations
once completed.
Yours sincerely
Amanda Baird
Investigations Officer
Dispute Resolution Branch
27 April 2017
www.oaic.gov.au | 2
Dear Ms Baird
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
Kind regards
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Our reference: DBN17/00039
Dear Ms Harrison
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
Please find attached a response from the Office of the Australian Information Commissioner.
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Protecting information rights – advancing information policy
***********************************************************************
WARNING: The information contained in this email may be confidential.
If you are not the intended recipient, any use or copying of any part
of this information is unauthorised. If you have received this email in
error, we apologise for any inconvenience and request that you notify
the sender immediately and delete all copies of this email, together
with any attachments.
***********************************************************************
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Our reference: DBN17/00039
Dear Ms Harrison
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
Please find attached a response from the Office of the Australian Information Commissioner.
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Protecting information rights – advancing information policy
Thanks Amanda. Could you please write a short email summarising key points to send to Angelene and Timothy attaching this
report? They asked me to keep them updated about this matter.
Annan
From: Amanda Baird
Sent: Tuesday, 27 June 2017 7:51 AM
To: Annan Boag <annan.boag@oaic.gov.au>; Andrew Solomon <andrew.solomon@oaic.gov.au>
Subject: FW: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Hi Annan and Andrew
FYI - attached is the report from DPS regarding the data breach the Secretary notified Timothy directly about. It’s been attached to
the file.
Thanks, Amanda
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Dear Ms Baird
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
Kind regards
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Our reference: DBN17/00039
Dear Ms Harrison
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
Please find attached a response from the Office of the Australian Information Commissioner.
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Protecting information rights – advancing information policy
Hi Annan
The OAIC has received a full report from the Department of Parliamentary Services in relation to the data breach of parliamentary
staff and MP’s phone numbers (see attached).
In summary, the Department has advised that at 12:20 pm on 20 March 2017, a Fairfax journalist alerted the Department that he
was able to obtain the names and phone numbers of parliamentarians and their staff from supposedly redacted
telecommunications reports published by the Department on the Australian Parliament House (APH) website. The Department
removed the telecommunications reports from the APH website by 1:20 pm that day. The Department also assessed that the only
major search engine that had cached the documents was Google, and took steps to confirm that Google had deleted the cached
versions that evening.
The Department confirmed with its vendor, Telco Management, that the reason for the data breach was a Telco Management
programmer’s decision to change the font colour of the information that was to be redacted, in order to meet a coding change
requested by TM to streamline the reports process. The Department confirmed that visual inspections by both Telco Management
and the Department did not detect that the information had not been completely redacted from the documents.
The Department assessed that there were 980 individual file downloads from the APH website from when the documents were
uploaded (22 December 2016), with 660 downloads originating from three IP addresses and the remaining downloads across 85 IP
addresses.
The Department was briefed by the relevant security and law enforcement agencies regarding potential security issues for
parliamentarians, and provided update briefings to key stakeholders. The Department also offered private briefings to affected
parliamentarians.
The Department has sought and received written assurances from Telco Management that it has changed its process and has
implemented additional controls for the preparation of redacted reports. The Department has also implemented further internal
controls to examine future reports before publishing on the APH website. The Department has decided to retain its contract with
Telco Management for these services.
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Protecting information rights – advancing information policy
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Dear Ms Baird
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
Kind regards
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Our reference: DBN17/00039
Dear Ms Harrison
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
Please find attached a response from the Office of the Australian Information Commissioner.
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Protecting information rights – advancing information policy
Timothy, Angelene,
For your information, see attached the report of the Department of Parliamentary Services into the data breach involving MP’s
phone numbers.
A good summary of the report has been provided by Amanda, below.
We do not propose to take any further action on this matter.
Annan
From: Amanda Baird
Sent: Tuesday, 27 June 2017 10:44 AM
To: Annan Boag <annan.boag@oaic.gov.au>
Subject: FW: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Hi Annan
The OAIC has received a full report from the Department of Parliamentary Services in relation to the data breach of parliamentary
staff and MP’s phone numbers (see attached).
In summary, the Department has advised that at 12:20 pm on 20 March 2017, a Fairfax journalist alerted the Department that he
was able to obtain the names and phone numbers of parliamentarians and their staff from supposedly redacted
telecommunications reports published by the Department on the Australian Parliament House (APH) website. The Department
removed the telecommunications reports from the APH website by 1:20 pm that day. The Department also assessed that the only
major search engine that had cached the documents was Google, and took steps to confirm that Google had deleted the cached
versions that evening.
The Department confirmed with its vendor, Telco Management, that the reason for the data breach was a Telco Management
programmer’s decision to change the font colour of the information that was to be redacted, in order to meet a coding change
requested by TM to streamline the reports process. The Department confirmed that visual inspections by both Telco Management
and the Department did not detect that the information had not been completely redacted from the documents.
The Department assessed that there were 980 individual file downloads from the APH website from when the documents were
uploaded (22 December 2016), with 660 downloads originating from three IP addresses and the remaining downloads across 85 IP
addresses.
The Department was briefed by the relevant security and law enforcement agencies regarding potential security issues for
parliamentarians, and provided update briefings to key stakeholders. The Department also offered private briefings to affected
parliamentarians.
The Department has sought and received written assurances from Telco Management that it has changed its process and has
implemented additional controls for the preparation of redacted reports. The Department has also implemented further internal
controls to examine future reports before publishing on the APH website. The Department has decided to retain its contract with
Telco Management for these services.
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Protecting information rights – advancing information policy
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Dear Ms Baird
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
Kind regards
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Our reference: DBN17/00039
Dear Ms Harrison
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
Please find attached a response from the Office of the Australian Information Commissioner.
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Protecting information rights – advancing information policy
Dear Ms Craige
Thank you for the letter from Mr McKenzie. I note it refers to appendices that do not appear to be attached to the letter. Was
there another document that was intended to be provided?
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Protecting information rights – advancing information policy
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Dear Ms Baird
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
Kind regards
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Our reference: DBN17/00039
Dear Ms Harrison
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
Please find attached a response from the Office of the Australian Information Commissioner.
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Hello Annan
Thanks for that I agree no further action.
TP
Timothy Pilgrim
Australian Information Commissioner
Australian Privacy Commissioner
Office of the Australian Information Commissioner
Level 3, 175 Pitt Street Sydney NSW 2001
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone +61 2 9284 9601 | Fax +61 2 9284 9723
timothy.pilgrim@oaic.gov.au
From: Annan Boag
Sent: Tuesday, 27 June 2017 10:49 AM
To: Timothy Pilgrim <timothy.pilgrim@oaic.gov.au>; Angelene Falk <angelene.falk@oaic.gov.au>
Cc: Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>
Subject: Department of Parliamentary Services data breach [DLM=For-Official-Use-Only]
Timothy, Angelene,
For your information, see attached the report of the Department of Parliamentary Services into the data breach involving MP’s
phone numbers.
A good summary of the report has been provided by Amanda, below.
We do not propose to take any further action on this matter.
Annan
From: Amanda Baird
Sent: Tuesday, 27 June 2017 10:44 AM
To: Annan Boag <annan.boag@oaic.gov.au>
Subject: FW: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Hi Annan
The OAIC has received a full report from the Department of Parliamentary Services in relation to the data breach of parliamentary
staff and MP’s phone numbers (see attached).
In summary, the Department has advised that at 12:20 pm on 20 March 2017, a Fairfax journalist alerted the Department that he
was able to obtain the names and phone numbers of parliamentarians and their staff from supposedly redacted
telecommunications reports published by the Department on the Australian Parliament House (APH) website. The Department
removed the telecommunications reports from the APH website by 1:20 pm that day. The Department also assessed that the only
major search engine that had cached the documents was Google, and took steps to confirm that Google had deleted the cached
versions that evening.
The Department confirmed with its vendor, Telco Management, that the reason for the data breach was a Telco Management
programmer’s decision to change the font colour of the information that was to be redacted, in order to meet a coding change
requested by TM to streamline the reports process. The Department confirmed that visual inspections by both Telco Management
and the Department did not detect that the information had not been completely redacted from the documents.
The Department assessed that there were 980 individual file downloads from the APH website from when the documents were
uploaded (22 December 2016), with 660 downloads originating from three IP addresses and the remaining downloads across 85 IP
addresses.
The Department was briefed by the relevant security and law enforcement agencies regarding potential security issues for
parliamentarians, and provided update briefings to key stakeholders. The Department also offered private briefings to affected
parliamentarians.
The Department has sought and received written assurances from Telco Management that it has changed its process and has
implemented additional controls for the preparation of redacted reports. The Department has also implemented further internal
controls to examine future reports before publishing on the APH website. The Department has decided to retain its contract with
Telco Management for these services.
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Protecting information rights – advancing information policy
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Dear Ms Baird
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
Kind regards
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Our reference: DBN17/00039
Dear Ms Harrison
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
Please find attached a response from the Office of the Australian Information Commissioner.
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Protecting information rights – advancing information policy
Thanks for the summary Amanda. If you haven’t already, could you please just reply thanking them for sending that through
Annan
From: Timothy Pilgrim
Sent: Wednesday, 28 June 2017 10:47 AM
To: Annan Boag <annan.boag@oaic.gov.au>; Angelene Falk <angelene.falk@oaic.gov.au>
Cc: Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>
Subject: RE: Department of Parliamentary Services data breach [DLM=For-Official-Use-Only]
Hello Annan
Thanks for that I agree no further action.
TP
Timothy Pilgrim
Australian Information Commissioner
Australian Privacy Commissioner
Office of the Australian Information Commissioner
Level 3, 175 Pitt Street Sydney NSW 2001
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone +61 2 9284 9601 | Fax +61 2 9284 9723
timothy.pilgrim@oaic.gov.au
From: Annan Boag
Sent: Tuesday, 27 June 2017 10:49 AM
To: Timothy Pilgrim <timothy.pilgrim@oaic.gov.au>; Angelene Falk <angelene.falk@oaic.gov.au>
Cc: Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>
Subject: Department of Parliamentary Services data breach [DLM=For-Official-Use-Only]
Timothy, Angelene,
For your information, see attached the report of the Department of Parliamentary Services into the data breach involving MP’s
phone numbers.
A good summary of the report has been provided by Amanda, below.
We do not propose to take any further action on this matter.
Annan
From: Amanda Baird
Sent: Tuesday, 27 June 2017 10:44 AM
To: Annan Boag <annan.boag@oaic.gov.au>
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Dear Ms Baird
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
Kind regards
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Our reference: DBN17/00039
Dear Ms Harrison
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
Please find attached a response from the Office of the Australian Information Commissioner.
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Protecting information rights – advancing information policy
Hi Amanda
My sincere apologies. Full report now attached.
Kind regards
Linda
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Tuesday, 27 June 2017 10:53 AM
To: Office Of The Secretary (DPS)
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Dear Ms Craige
Thank you for the letter from Mr McKenzie. I note it refers to appendices that do not appear to be attached to the letter. Was
there another document that was intended to be provided?
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Protecting information rights – advancing information policy
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Dear Ms Baird
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
Kind regards
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Wednesday, 28 June 2017 3:34 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Hi Amanda
My sincere apologies. Full report now attached.
Kind regards
Linda
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Tuesday, 27 June 2017 10:53 AM
To: Office Of The Secretary (DPS)
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Dear Ms Craige
Thank you for the letter from Mr McKenzie. I note it refers to appendices that do not appear to be attached to the letter. Was
there another document that was intended to be provided?
Regards,
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
Protecting information rights – advancing information policy
s 42
Hi Amie
For your review – the brief on the DPS data breach D2019/001313. The news articles quote a
joint statement by the Senate President and the Speaker, but it doesn’t appear to have been
made public.
Thanks, Amanda
Hi Andrew,
Please find the additional brief on the DPS data breach D2019/001313 for your clearance,
prepared by Amanda and cleared by me.
I am not sure how much detail Angelene will require. s 42
s 42
Thanks,
Amie
Dear Angelene,
We have now updated the NDB overview brief D2019/000838 to include s 22 and a brief reference to the
Department of Parliamentary Services cyber incident (the subject of a separate brief). The NDB overview brief is now for your further approval.
s 22
The additional brief relating to the Dept of Parliamentary Services cyber incident is awaiting clearance by Andrew. D2019/001313
Lorraine – Could you please s 22 add
the DPS Cyber Incident brief to Folder A and the index.
Many thanks to Amanda for her work on these briefs.
Thanks,
Amie
Topic | Who | TRIM link
February 2019
Com brief – DPS Cyber incident | Amie Grierson | D2019/001313 | Awaiting clearance with AS. | With Andrew for approval. | Lorraine to add to index/Folder A.
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | For approval
s 22
From: Angelene Falk <angelene.falk@oaic.gov.au>
Sent: Wednesday, 13 February 2019 4:54 PM
To: Lorraine Nurney <lorraine.nurney@oaic.gov.au>; Amie Grierson <amie.grierson@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Ying Chin <ying.chin@oaic.gov.au>; Caitlin Rees <caitlin.rees@oaic.gov.au>
Subject: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
Hi Lorraine
Here is where the briefs are up to from these lists (I will now work on the next list!). Everyone who has information that needs to be resubmitted has been
advised.
s 22
Many thanks
Angelene
Topic Who TRIM link
February 2019
s 22
Topic | Who | TRIM link | 13 Feb
February 2019
s 22
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | Amie wanted to add to this
s 22
Angelene Falk | Australian Information Commissioner and Privacy Commissioner
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001 | oaic.gov.au
+61 2 9284 9651 | +61 418 270 427 | angelene.falk@oaic.gov.au
Thank you!
From: Amie Grierson <amie.grierson@oaic.gov.au>
Sent: Wednesday, 13 February 2019 9:02 PM
To: Angelene Falk <angelene.falk@oaic.gov.au>; Lorraine Nurney <lorraine.nurney@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>; Sarah Ghali <sarah.ghali@oaic.gov.au>
Subject: RE: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
Dear Angelene,
We have now updated the NDB overview brief D2019/000838 to include s 22 and a brief reference to the
Department of Parliamentary Services cyber incident (the subject of a separate brief). The NDB overview brief is now for your further approval.
s 22
The additional brief relating to the Dept of Parliamentary Services cyber incident is awaiting clearance by Andrew. D2019/001313
Lorraine – Could you please s 22 add
the DPS Cyber Incident brief to Folder A and the index.
Many thanks to Amanda for her work on these briefs.
Thanks,
Amie
Topic | Who | TRIM link
February 2019
Com brief – DPS Cyber incident | Amie Grierson | D2019/001313 | Awaiting clearance with AS. | With Andrew for approval. | Lorraine to add to index/Folder A.
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | For approval
s 22
From: Angelene Falk <angelene.falk@oaic.gov.au>
Sent: Wednesday, 13 February 2019 4:54 PM
To: Lorraine Nurney <lorraine.nurney@oaic.gov.au>; Amie Grierson <amie.grierson@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Ying Chin <ying.chin@oaic.gov.au>; Caitlin Rees <caitlin.rees@oaic.gov.au>
Subject: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
Hi Lorraine
Here is where the briefs are up to from these lists (I will now work on the next list!). Everyone who has information that needs to be resubmitted has been
advised.
s 22
s 22
Many thanks
Angelene
Topic Who TRIM link
February 2019
s 22
Topic | Who | TRIM link | 13 Feb
February 2019
s 22
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | Amie wanted to add to this
s 22
Angelene Falk | Australian Information Commissioner and Privacy Commissioner
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001 | oaic.gov.au
+61 2 9284 9651 | +61 418 270 427 | angelene.falk@oaic.gov.au
Thanks Amie (and I agree, Amanda’s been awesome with all of them!)
From: Amie Grierson <amie.grierson@oaic.gov.au>
Sent: Wednesday, 13 February 2019 9:02 PM
To: Angelene Falk <angelene.falk@oaic.gov.au>; Lorraine Nurney <lorraine.nurney@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>; Sarah Ghali <sarah.ghali@oaic.gov.au>
Subject: RE: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
Dear Angelene,
We have now updated the NDB overview brief D2019/000838 to include s 22 , and a brief reference to the
Department of Parliamentary Services cyber incident (the subject of a separate brief). The NDB overview brief is now for your further approval.
s 22
The additional brief relating to the Dept of Parliamentary Services cyber incident is awaiting clearance by Andrew. D2019/001313
Lorraine – Could you please s 22 please add
the DPS Cyber Incident brief to Folder A and the index.
Many thanks to Amanda for her work on these briefs.
Thanks,
Amie
Topic | Who | TRIM link
February 2019
Com brief – DPS Cyber incident | Amie Grierson | D2019/001313 | Awaiting clearance with AS. | With Andrew for approval. | Lorraine to add to index/Folder A.
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | For approval
s 22
From: Angelene Falk <angelene.falk@oaic.gov.au>
Sent: Wednesday, 13 February 2019 4:54 PM
To: Lorraine Nurney <lorraine.nurney@oaic.gov.au>; Amie Grierson <amie.grierson@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Ying Chin <ying.chin@oaic.gov.au>; Caitlin Rees <caitlin.rees@oaic.gov.au>
Subject: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
Hi Lorraine
Here is where the briefs are up to from these lists (I will now work on the next list!). Everyone who has information that needs to be resubmitted has been
advised.
s 22
s 22
Many thanks
Angelene
Topic Who TRIM link
February 2019
s 22
Topic | Who | TRIM link | 13 Feb
February 2019
s 22
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | Amie wanted to add to this
s 22
Angelene Falk | Australian Information Commissioner and Privacy Commissioner
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001 | oaic.gov.au
+61 2 9284 9651 | +61 418 270 427 | angelene.falk@oaic.gov.au
Hi Amie
s 22
Thanks, Amanda
From: Angelene Falk <angelene.falk@oaic.gov.au>
Sent: Wednesday, 13 February 2019 9:12 PM
To: Amie Grierson <amie.grierson@oaic.gov.au>; Lorraine Nurney <lorraine.nurney@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>; Sarah Ghali <sarah.ghali@oaic.gov.au>
Subject: RE: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
Thank you!
From: Amie Grierson <amie.grierson@oaic.gov.au>
Sent: Wednesday, 13 February 2019 9:02 PM
To: Angelene Falk <angelene.falk@oaic.gov.au>; Lorraine Nurney <lorraine.nurney@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>; Sarah Ghali <sarah.ghali@oaic.gov.au>
Subject: RE: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
Dear Angelene,
We have now updated the NDB overview brief D2019/000838 to include s 22 , and a brief reference to the
Department of Parliamentary Services cyber incident (the subject of a separate brief). The NDB overview brief is now for your further approval.
s 22
The additional brief relating to the Dept of Parliamentary Services cyber incident is awaiting clearance by Andrew. D2019/001313
s 22
Many thanks to Amanda for her work on these briefs.
Thanks,
Amie
Topic | Who | TRIM link
February 2019
Com brief – DPS Cyber incident | Amie Grierson | D2019/001313 | Awaiting clearance with AS. | With Andrew for approval. | Lorraine to add to index/Folder A.
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | For approval
s 22
From: Angelene Falk <angelene.falk@oaic.gov.au>
Many thanks
Angelene
Topic Who TRIM link
February 2019
s 22
Topic | Who | TRIM link | 13 Feb
February 2019
Resubmitted Question for Melanie within on rep Approved
Com brief - Facebook Amie Grierson
D2019/000868 complaint
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | Amie wanted to add to this
s 22
Angelene Falk | Australian Information Commissioner and Privacy Commissioner
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001 | oaic.gov.au
+61 2 9284 9651 | +61 418 270 427 | angelene.falk@oaic.gov.au
Hi Angelene,
Here is a file note of the call this morning.
I would note in particular that the information at times seemed slightly ambiguous about what
might have been accessed/vulnerable vs what was removed from the various systems.
From our perspective, we would hope that the entities who have NDB obligations focus on their
obligation to assess any ‘data breach’. A data breach can include access to data, and doesn’t
necessarily need to involve exfiltration from the system to constitute an eligible data breach.
Hopefully as the matters move forward we will receive more detailed information about what
has occurred and can form some views around eligibility at this later stage (noting of course that
a range of entities may not have obligations under the scheme).
Thanks,
Amie
Teleconference: Cyber Incident briefing
· OAIC attended a call with the ACSC, and various representatives from ASD, ASIO, the
AEC, APSC, State electoral commissions, and representatives from other Fed Govt
agencies.
· The ACSC noted the Department of Parliamentary Services incident, referred to in media
over the past weeks.
· While working on this matter, the ACSC had identified tendrils that stretched across to
major political parties.
· At midday the PM will be providing an address about the matter, with a response to
follow from the Opposition leader. Contents of call embargoed until after the
announcement.
· The incident has directly targeted political parties.
· The ACSC advised on their actions to date.
· The information in the call was on an unclassified line so not all details could be
provided.
· However, the ACSC could say that as a result of the DPS incident, they had seen broader
connectivity between various networks and an adversary's infrastructure, with targets
across the major political parties.
· The ACSC was continuing to work with the political parties to respond to the attack.
· The ACSC will provide a technical briefing pack shortly.
· ACSC are providing a technical tool to the relevant IT security areas/persons.
· For those who might be provided the tool, do not be too alarmed if it gives an alert, as
the tool casts a broad net.
· Concerned that it is an issue across States and Territories, hence the involvement of the
From: Angelene Falk <angelene.falk@oaic.gov.au>
Sent: Thursday, 21 February 2019 11:35 AM
To: Andrew Solomon <andrew.solomon@oaic.gov.au>; Amie Grierson
<amie.grierson@oaic.gov.au>
Cc: Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>
Subject: Fwd: FOR INFORMATION: Whole of Government talking points V10 - Cyber Security
[DLM=For-Official-Use-Only]
For-Official-Use-Only
Good morning,
Please find attached version 10 of the Whole of Government talking points following the Prime
Minister’s statement this week on the recent cyber security incident.
Kind regards,
George Cross
For-Official-Use-Only
Important Notice: The content of this email is intended only for use by the individual or
entity to whom it is addressed. If you have received this email by mistake, please advise
the sender and delete the message and attachments immediately. This email, including
attachments, may contain confidential, sensitive, legally privileged and/or copyright
information.
Unsolicited commercial emails MUST NOT be sent to the originator of this email.
• Political and government networks are persistent targets of malicious cyber activity.
• We have also taken a proactive approach to protecting our elections from any
threats of foreign interference, including through the establishment of a multi-
agency electoral integrity assurance task force.
• Our cyber experts believe that a sophisticated state actor is responsible for this
malicious activity.
• It would be too early to speculate on the specific offender – our immediate focus
has been on securing the networks, protecting victims and conducting
ongoing investigations.
• Proper and accurate attribution of a cyber incident takes time and any attribution
would be done in a measured fashion.
• The public can rest assured that our security and intelligence agencies have
identified the malicious activity and are responding appropriately.
If asked: When did you discover the compromise? How long has the actor been
inside the networks? Are they now out of the network?
• Our agencies are continuing to work with the parties to investigate the full extent of
the compromise. The necessary steps are being taken to secure the networks and
protect users.
If asked: How did the actor access the networks - through DPS?
• I can confirm the incidents are related but will not go into operational details.
• The actor was sophisticated enough to gain access to the networks but not
sophisticated enough to avoid detection.
• Our political system and our democracy remain strong, vibrant and protected.
• We, of course, would like to prevent as much malicious cyber activity as possible
but the key is to ensure our systems are resilient. We have detected this intrusion
and are dealing with it.
• We believe the electoral roll is safe, but as noted, investigations are ongoing.
Australians should be reassured that our Agencies discovered the breach of the
parties’ networks and acted decisively.
If asked: How significant was the penetration? Did the actor take anything
from anyone?
• All cyber intrusions are of course concerning. This incident again shows that
Australia and Australians are targeted by malicious actors. But we have resilient
systems in place to give us the best chance to detect such activity.
• The positive here is that we have appropriate systems in place and our agencies
have detected the activity and are securing the networks. This is about keeping our
public and institutions safe.
• ASIO, the Australian Signals Directorate and Australian Cyber Security Centre are
working together around the clock to understand the full extent of this incident.
• It is early in the investigation. The necessary steps are being taken to secure the
networks and protect users.
• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.
If asked: Why did the Government decide to announce this incident now?
• The decision to announce the cyber security incident is consistent with the intent to
take a proactive stance against malicious cyber activity.
If asked: How will the Government respond if material is used to interfere with
elections?
• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.
• It would be too early to speculate on the precise nature of how these organisations
have been affected, our immediate focus has been on securing the networks and
protecting victims.
If asked: Have other entities been affected and can you rule out even more
compromises?
• Our immediate priority has been securing these networks and we are working to
understand the full extent of this incident.
• This is about ensuring we work with the victims so the appropriate action can be
taken and to inform the public of a security matter and to reassure them that action
is being taken.
If asked: You briefed these political parties about the risk in 2017. Why has this
incident occurred?
• We have been on the front foot when it comes to cyber security. Significant policies
and investments have been made to improve Australia’s resilience to cyber threats.
• The methods used by offenders are constantly evolving and Australia is constantly
exposed to cyber threats. And that’s why we must constantly evolve too.
• The parties have strengthened their cyber defences but no network is 100% secure.
Best practice is the ability to detect and remediate quickly, which is happening in
this case. This is a matter of preparing for both prevention and resilience.
If asked: Should the government provide more cyber security protection to political
parties?
• Protecting key public institutions from cyber threats is a key area of effort for the
Australian Cyber Security Centre, as part of the whole of economy focus.
• The Australian Cyber Security Centre (ACSC) has robust processes for responding
to all manner of cyber incidents.
• Noting the evolving threat environment, there are clear areas where we can
do more.
• Strengthening our cyber security capabilities has been a high priority for the
Government. Since 2013 we have:
  ◦ committed $230 million under the 2016 Cyber Security Strategy, including for
    strong cyber defences and cyber security innovation
  ◦ this is in addition to the $300–400 million, over the next ten years,
    announced in the 2016 Defence White Paper to improve Defence’s
    cybersecurity capabilities
  ◦ gathered all of our cyber security capability within the one location in the
    Australian Cyber Security Centre (at Brindabella Park, July 2018) to enhance
    integration and inter-operability.
If asked: Are Australia and its Five-Eyes partners conducting a global hunt
operation to find the hackers?
If asked: Should political parties be subject to data protection obligations under the
Privacy Act?
• Since 2000, the Privacy Act has contained an exemption for members of the
Australian Parliament, local government councillors and registered political parties,
and their volunteers and contractors, in relation to specified kinds of political acts
and practices.
CLEARANCE
Dear Leadership,
As you may be aware, the OAIC is scheduled to appear before the April 2019 Budget Estimates hearing commencing on 4 April 2019.
Below are details on the required briefs.
s 22
s 22
s 22
From: Angelene Falk <angelene.falk@oaic.gov.au>
Sent: Friday, 22 February 2019 10:10 PM
To: Amie Grierson <amie.grierson@oaic.gov.au>; Andrew Solomon
<andrew.solomon@oaic.gov.au>
Cc: Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>
Subject: FW: FOR INFORMATION: Whole of Government talking points V12 - Cyber Security
[DLM=For-Official-Use-Only]
From: Media Operations <media@homeaffairs.gov.au>
Sent: Friday, 22 February 2019 5:06 PM
To: Peter Wardle <Peter.Wardle@defence.gov.au>; Chris TEAL
<Chris.Teal@homeaffairs.gov.au>; Mark Simkin <Mark.Simkin@defence.gov.au>; Mark Simkin
<Mark.Simkin@defence.gov.au>; ECANZ Secretariat <ECANZ.Secretariat@aec.gov.au>; Tom
Rogers <Tom.Rogers@aec.gov.au>; Cath Patterson <Cath.Patterson@pmc.gov.au>; Finance
Media <media@finance.gov.au>; Trevor Jones <Trevor.Jones@pmc.gov.au>; Ramzi Jabbour
(AFP) <ramzi.jabbour@afp.gov.au>; Julie Igglesden <Julie.Igglesden@aec.gov.au>; Karl Hanmore
<Karl.Hanmore@defence.gov.au>; Neil Gaughan (AFP) <Neil.Gaughan@afp.gov.au>; Tobias
Feakin (DFAT) <Tobias.Feakin@dfat.gov.au>; Angelene Falk <angelene.falk@oaic.gov.au>;
Cameron ASHE <Cameron.Ashe@homeaffairs.gov.au>; Cameron Archer (DFAT)
<Cameron.Archer@dfat.gov.au>; Justin Bassi <Justin.Bassi@ona.gov.au>; Sandra Bradley
<Sandra.Bradley@defence.gov.au>; ian.nicholas@finance.gov.au; stein.helgeby@finance.gov.au;
jeff.pope@protected.aec.gov.au; timmc@agd.gov.au; vicki.middleton@communications.gov.au;
kathryn.mcmullan@ona.gov.au; peter.rush@pmc.gov.au; lucinda.atkinson@ag.gov.au;
jenny.allen@pmc.gov.au; MACGIBBON Alastair <Alastair.MACGIBBON@defence.gov.au>;
Kelly.Manaog@finance.gov.au; louise.bechtel@defence.gov.au; Charles Burnard (DFAT)
<Charles.Burnard@dfat.gov.au>; 'david.george13@defence.gov.au'
<david.george13@defence.gov.au>
Cc: Media Operations <media@homeaffairs.gov.au>; ACIC media <media@acic.gov.au>; AFP
National Media [AFP] <afpnationalmedia@afp.gov.au>; AGD Media <media@ag.gov.au>; Ahmad
SHAH <AHMAD.SHAH@HOMEAFFAIRS.GOV.AU>; Alastair MACGIBBON
<Alastair.MacGibbon@homeaffairs.gov.au>; ASD Assist <asd.assist@defence.gov.au>; ASD
Stratcomms <asd.stratcomms@defence.gov.au>; ASIO Media <media@asio.gov.au>;
Christopher ROBERTSON <CHRISTOPHER.ROBERTSON@HOMEAFFAIRS.GOV.AU>; Defence Media
<media@defence.gov.au>; Media (DFAT) <Media@dfat.gov.au>; Greg MILLER
<GREGORY.MILLER@HOMEAFFAIRS.GOV.AU>; John HULIN <John.Hulin@homeaffairs.gov.au>;
For-Official-Use-Only
Good morning,
Please find attached version 12 of the Whole of Government talking points following the Prime
Minister’s statement this week on the recent cyber security incident.
Kind regards,
George Cross
National Security and Crisis Communication
Portfolio Media and Engagement Branch
Department of Home Affairs
Ext: 659426 |Media Line: 02 6264 2244
Email: media@homeaffairs.gov.au
For-Official-Use-Only
Important Notice: The content of this email is intended only for use by the individual or entity to
whom it is addressed. If you have received this email by mistake, please advise the sender and
delete the message and attachments immediately. This email, including attachments, may
contain confidential, sensitive, legally privileged and/or copyright information.
Any review, retransmission, dissemination or other use of this information by persons or entities
other than the intended recipient is prohibited. The Department of Home Affairs and ABF
respect your privacy and have obligations under the Privacy Act 1988.
Unsolicited commercial emails MUST NOT be sent to the originator of this email.
• Political and government networks are persistent targets of malicious cyber activity.
• We have also taken a proactive approach to protecting our elections from any
threats of foreign interference, including through the establishment of a multi-
agency electoral integrity assurance task force.
If asked: Who is behind this malicious cyber activity? Is it Iran, as suggested by the
Wall Street Journal?
• Our cyber experts believe that a sophisticated state actor is responsible for this
malicious activity.
• It would be too early to speculate on the specific offender – our immediate focus
has been on securing the networks, protecting victims and conducting
ongoing investigations.
• Proper and accurate attribution of a cyber incident takes time and any attribution
would be done in a measured fashion.
• The public can rest assured that our security and intelligence agencies have
identified the malicious activity and are responding appropriately.
If asked: When did you discover the compromise? How long has the actor been
inside the networks? Are they now out of the network?
• Our agencies are continuing to work with the parties to investigate the full extent of
the compromise. The necessary steps are being taken to secure the networks and
protect users.
If asked: How did the actor access the networks - through DPS?
• I can confirm the incidents are related but will not go into operational details.
• The actor was sophisticated enough to gain access to the networks but not
sophisticated enough to avoid detection.
• Our political system and our democracy remain strong, vibrant and protected.
• We, of course, would like to prevent as much malicious cyber activity as possible
but the key is to ensure our systems are resilient. We have detected this intrusion
and are dealing with it.
• We believe the electoral roll is safe, but as noted, investigations are ongoing.
Australians should be reassured that our Agencies discovered the breach of the
parties’ networks and acted decisively.
If asked: How significant was the penetration? Did the actor take anything
from anyone?
• All cyber intrusions are of course concerning. This incident again shows that
Australia and Australians are targeted by malicious actors. But we have resilient
systems in place to give us the best chance to detect such activity.
• The positive here is that we have appropriate systems in place and our agencies
have detected the activity and are securing the networks. This is about keeping our
public and institutions safe.
• ASIO, the Australian Signals Directorate and Australian Cyber Security Centre are
working together around the clock to understand the full extent of this incident.
• It is early in the investigation. The necessary steps are being taken to secure the
networks and protect users.
• Our focus is on securing the networks and keeping our public and institutions safe.
• We have resilient systems in place to give us the best chance to detect and
respond to malicious activity.
If asked: Why did the Government decide to announce this incident now?
• The decision to announce the cyber security incident is consistent with the intent to
take a proactive stance against malicious cyber activity.
If asked: How will the Government respond if material is used to interfere with
elections?
• The Government has been proactive in protecting the integrity of our electoral
system, including establishing a dedicated taskforce.
• The Government has demonstrated that it is transparent about these matters when
they are discovered.
• It would be too early to speculate on the precise nature of how these organisations
have been affected, our immediate focus has been on securing the networks and
protecting victims.
If asked: Have other entities been affected and can you rule out even more
compromises?
• Our immediate priority has been securing these networks and we are working to
understand the full extent of this incident.
• This is about ensuring we work with the victims so the appropriate action can be
taken and to inform the public of a security matter and to reassure them that action
is being taken.
If asked: You briefed these political parties about the risk in 2017. Why has this
incident occurred?
• We have been on the front foot when it comes to cyber security. Significant policies
and investments have been made to improve Australia’s resilience to cyber threats.
• The methods used by offenders are constantly evolving and Australia is constantly
exposed to cyber threats. And that’s why we must constantly evolve too.
• The parties have strengthened their cyber defences but no network is 100% secure.
Best practice is the ability to detect and remediate quickly, which is happening in
this case. This is a matter of preparing for both prevention and resilience.
If asked: Should the government provide more cyber security protection to political
parties?
• Protecting key public institutions from cyber threats is a key area of effort for the
Australian Cyber Security Centre, as part of the whole of economy focus.
• The Australian Cyber Security Centre (ACSC) has robust processes for responding
to all manner of cyber incidents.
• Noting the evolving threat environment, there are clear areas where we can
do more.
• Strengthening our cyber security capabilities has been a high priority for the
Government. Since 2013 we have:
  ◦ committed $230 million under the 2016 Cyber Security Strategy, including for
    strong cyber defences and cyber security innovation
  ◦ this is in addition to the $300–400 million, over the next ten years,
    announced in the 2016 Defence White Paper to improve Defence’s
    cybersecurity capabilities
  ◦ gathered all of our cyber security capability within the one location in the
    Australian Cyber Security Centre (at Brindabella Park, July 2018) to enhance
    integration and inter-operability.
If asked: Are Australia and its Five-Eyes partners conducting a global hunt
operation to find the hackers?
If asked: Should political parties be subject to data protection obligations under the
Privacy Act?
• Since 2000, the Privacy Act has contained an exemption for members of the
Australian Parliament, local government councillors and registered political parties,
and their volunteers and contractors, in relation to specified kinds of political acts
and practices.
CLEARANCE
For-Official-Use-Only
Good morning,
Please find attached version 10 of the Whole of Government talking points following the Prime
Minister’s statement this week on the recent cyber security incident.
Kind regards,
George Cross
National Security and Crisis Communication
Portfolio Media and Engagement Branch
Department of Home Affairs
Ext: 659426 |Media Line: 02 6264 2244
Email: media@homeaffairs.gov.au
For-Official-Use-Only
• Political and government networks are persistent targets of malicious cyber activity.
• We have also taken a proactive approach to protecting our elections from any
threats of foreign interference, including through the establishment of a multi-
agency electoral integrity assurance task force.
• Our cyber experts believe that a sophisticated state actor is responsible for this
malicious activity.
• It would be too early to speculate on the specific offender – our immediate focus
has been on securing the networks, protecting victims and conducting
ongoing investigations.
• Proper and accurate attribution of a cyber incident takes time and any attribution
would be done in a measured fashion.
• The public can rest assured that our security and intelligence agencies have
identified the malicious activity and are responding appropriately.
If asked: When did you discover the compromise? How long has the actor been
inside the networks? Are they now out of the network?
• Our agencies are continuing to work with the parties to investigate the full extent of
the compromise. The necessary steps are being taken to secure the networks and
protect users.
If asked: How did the actor access the networks - through DPS?
• I can confirm the incidents are related but will not go into operational details.
• The actor was sophisticated enough to gain access to the networks but not
sophisticated enough to avoid detection.
• Our political system and our democracy remain strong, vibrant and protected.
• We, of course, would like to prevent as much malicious cyber activity as possible
but the key is to ensure our systems are resilient. We have detected this intrusion
and are dealing with it.
• We believe the electoral roll is safe, but as noted, investigations are ongoing.
Australians should be reassured that our Agencies discovered the breach of the
parties’ networks and acted decisively.
If asked: How significant was the penetration? Did the actor take anything
from anyone?
• All cyber intrusions are of course concerning. This incident again shows that
Australia and Australians are targeted by malicious actors. But we have resilient
systems in place to give us the best chance to detect such activity.
• The positive here is that we have appropriate systems in place and our agencies
have detected the activity and are securing the networks. This is about keeping our
public and institutions safe.
• ASIO, the Australian Signals Directorate and Australian Cyber Security Centre are
working together around the clock to understand the full extent of this incident.
• It is early in the investigation. The necessary steps are being taken to secure the
networks and protect users.
• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.
If asked: Why did the Government decide to announce this incident now?
• The decision to announce the cyber security incident is consistent with the intent to
take a proactive stance against malicious cyber activity.
If asked: How will the Government respond if material is used to interfere with
elections?
• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.
• It would be too early to speculate on the precise nature of how these organisations
have been affected, our immediate focus has been on securing the networks and
protecting victims.
If asked: Have other entities been affected and can you rule out even more
compromises?
• Our immediate priority has been securing these networks and we are working to
understand the full extent of this incident.
• This is about ensuring we work with the victims so the appropriate action can be
taken and to inform the public of a security matter and to reassure them that action
is being taken.
If asked: You briefed these political parties about the risk in 2017. Why has this
incident occurred?
• We have been on the front foot when it comes to cyber security. Significant policies
and investments have been made to improve Australia’s resilience to cyber threats.
• The methods used by offenders are constantly evolving and Australia is constantly
exposed to cyber threats. And that’s why we must constantly evolve too.
• The parties have strengthened their cyber defences but no network is 100% secure.
Best practice is the ability to detect and remediate quickly, which is happening in
this case. This is a matter of preparing for both prevention and resilience.
If asked: Should the government provide more cyber security protection to political
parties?
• Protecting key public institutions from cyber threats is a key area of effort for the
Australian Cyber Security Centre, as part of the whole of economy focus.
• The Australian Cyber Security Centre (ACSC) has robust processes for responding
to all manner of cyber incidents.
• Noting the evolving threat environment, there are clear areas where we can
do more.
• Strengthening our cyber security capabilities has been a high priority for the
Government. Since 2013 we have:
o committed $230 million under the 2016 Cyber Security Strategy, including for
strong cyber defences and cyber security innovation
o this is in addition to the $300–400 million, over the next ten years,
announced in the 2016 Defence White Paper to improve Defence’s
cybersecurity capabilities
o gathered all of our cyber security capability within the one location in the
Australian Cyber Security Centre (at Brindabella Park, July 2018) to enhance
integration and inter-operability.
If asked: Are Australia and its Five-Eyes partners conducting a global hunt
operation to find the hackers?
If asked: Should political parties be subject to data protection obligations under the
Privacy Act?
• Since 2000, the Privacy Act has contained an exemption for members of the
Australian Parliament, local government councillors and registered political parties,
and their volunteers and contractors, in relation to specified kinds of political acts
and practices.
CLEARANCE
For-Official-Use-Only
Good morning,
Please find attached version 9 of the Whole of Government talking points following the Prime
Minister’s statement this week on the recent cyber security incident. Updates have been
highlighted.
Kind regards,
George Cross
National Security and Crisis Communication
Portfolio Media and Engagement Branch
Department of Home Affairs
For-Official-Use-Only
Important Notice: The content of this email is intended only for use by the individual or entity
to whom it is addressed. If you have received this email by mistake, please advise the sender
and delete the message and attachments immediately. This email, including attachments, may
contain confidential, sensitive, legally privileged and/or copyright information.
Unsolicited commercial emails MUST NOT be sent to the originator of this email.
• Political and government networks are persistent targets of malicious cyber activity.
• We have also taken a proactive approach to protecting our elections from any
threats of foreign interference, including through the establishment of a multi-
agency electoral integrity assurance task force.
• Our cyber experts believe that a sophisticated state actor is responsible for this
malicious activity.
• It would be too early to speculate on the specific offender – our immediate focus
has been on securing the networks, protecting victims and conducting ongoing
investigations.
• Proper and accurate attribution of a cyber incident takes time and any attribution
would be done in a measured fashion.
• The public can rest assured that our security and intelligence agencies have
identified the malicious activity and are responding appropriately.
If asked: When did you discover the compromise? How long has the actor been
inside the networks? Are they now out of the network?
• Our agencies are continuing to work with the parties to investigate the full extent of
the compromise. The necessary steps are being taken to secure the networks and
protect users.
If asked: How did the actor access the networks - through DPS?
• I can confirm the incidents are related but will not go into operational details.
• The actor was sophisticated enough to gain access to the networks but not
sophisticated enough to avoid detection.
• Our political system and our democracy remain strong, vibrant and protected.
• We, of course, would like to prevent as much malicious cyber activity as possible
but the key is to ensure our systems are resilient. We have detected this intrusion
and are dealing with it.
• We believe the electoral roll is safe, but as noted, investigations are ongoing.
Australians should be reassured that our Agencies discovered the breach of the
parties’ networks and acted decisively.
If asked: How significant was the penetration? Did the actor take anything from
anyone?
• All cyber intrusions are of course concerning. This incident again shows that
Australia and Australians are targeted by malicious actors. But we have resilient
systems in place to give us the best chance to detect such activity.
• The positive here is that we have appropriate systems in place and our agencies
have detected the activity and are securing the networks. This is about keeping our
public and institutions safe.
• ASIO, the Australian Signals Directorate and Australian Cyber Security Centre are
working together around the clock to understand the full extent of this incident.
• It is early in the investigation. The necessary steps are being taken to secure the
networks and protect users.
• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.
If asked: Why did the Government decide to announce this incident now?
• The decision to announce the cyber security incident is consistent with the intent to
take a proactive stance against malicious cyber activity.
If asked: How will the Government respond if material is used to interfere with
elections?
• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.
• It would be too early to speculate on the precise nature of how these organisations
have been affected, our immediate focus has been on securing the networks and
protecting victims.
If asked: Have other entities been affected and can you rule out even more
compromises?
• Our immediate priority has been securing these networks and we are working to
understand the full extent of this incident.
• This is about ensuring we work with the victims so the appropriate action can be
taken and to inform the public of a security matter and to reassure them that action
is being taken.
If asked: You briefed these political parties about the risk in 2017. Why has this
incident occurred?
• We have been on the front foot when it comes to cyber security. Significant policies
and investments have been made to improve Australia’s resilience to cyber threats.
• The methods used by offenders are constantly evolving and Australia is constantly
exposed to cyber threats. And that’s why we must constantly evolve too.
• The parties have strengthened their cyber defences but no network is 100% secure.
Best practice is the ability to detect and remediate quickly, which is happening in
this case. This is a matter of preparing for both prevention and resilience.
If asked: Should the government provide more cyber security protection to political
parties?
• Protecting key public institutions from cyber threats is a key area of effort for the
Australian Cyber Security Centre, as part of the whole of economy focus.
• The Australian Cyber Security Centre (ACSC) has robust processes for responding
to all manner of cyber incidents.
• Noting the evolving threat environment, there are clear areas where we can do
more.
If asked: Are Australia and its Five-Eyes partners conducting a global hunt
operation to find the hackers?
If asked: Should political parties be subject to data protection obligations under the
Privacy Act?
• Since 2000, the Privacy Act has contained an exemption for members of the
Australian Parliament, local government councillors and registered political parties,
and their volunteers and contractors, in relation to specified kinds of political acts
and practices.
CLEARANCE
For-Official-Use-Only
Good afternoon,
Please find attached version 8 of the Whole of Government talking points following the Prime
Minister’s statement yesterday on the recent cyber security incident with an amendment to the
classification.
Kind regards,
George Cross
National Security and Crisis Communication
Portfolio Media and Engagement Branch
Department of Home Affairs
Ext: 659426 |Media Line: 02 6264 2244
Email: media@homeaffairs.gov.au
For-Official-Use-Only
• Political and government networks are persistent targets of malicious cyber activity.
• We have also taken a proactive approach to protecting our elections from any
threats of foreign interference, including through the establishment of a multi-
agency electoral integrity assurance task force.
• Our cyber experts believe that a sophisticated state actor is responsible for this
malicious activity.
• It would be too early to speculate on the specific offender – our immediate focus
has been on securing the networks, protecting victims and conducting ongoing
investigations.
• Proper and accurate attribution of a cyber incident takes time and any attribution
would be done in a measured fashion.
• The public can rest assured that our security and intelligence agencies have
identified the malicious activity and are responding appropriately.
If asked: When did you discover the compromise? How long has the actor been
inside the networks? Are they now out of the network?
• Our agencies are continuing to work with the parties to investigate the full extent of
the compromise. The necessary steps are being taken to secure the networks and
protect users.
If asked: How did the actor access the networks - through DPS?
• I can confirm the incidents are related but will not go into operational details.
• The actor was sophisticated enough to gain access to the networks but not
sophisticated enough to avoid detection.
• Our political system and our democracy remain strong, vibrant and protected.
• We, of course, would like to prevent as much malicious cyber activity as possible
but the key is to ensure our systems are resilient. We have detected this intrusion
and are dealing with it.
• We believe the electoral roll is safe, but as noted, investigations are ongoing.
Australians should be reassured that our Agencies discovered the breach of the
parties’ networks and acted decisively.
If asked: How significant was the penetration? Did the actor take anything from
anyone?
• All cyber intrusions are of course concerning. This incident again shows that
Australia and Australians are targeted by malicious actors. But we have resilient
systems in place to give us the best chance to detect such activity.
• The positive here is that we have appropriate systems in place and our agencies
have detected the activity and are securing the networks. This is about keeping our
public and institutions safe.
• ASIO, the Australian Signals Directorate and Australian Cyber Security Centre are
working together around the clock to understand the full extent of this incident.
• It is early in the investigation. The necessary steps are being taken to secure the
networks and protect users.
• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.
If asked: How will the Government respond if material is used to interfere with
elections?
• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.
• It would be too early to speculate on the precise nature of how these organisations
have been affected, our immediate focus has been on securing the networks and
protecting victims.
If asked: Have other entities been affected and can you rule out even more
compromises?
• Our immediate priority has been securing these networks and we are working to
understand the full extent of this incident.
• This is about ensuring we work with the victims so the appropriate action can be
taken and to inform the public of a security matter and to reassure them that action
is being taken.
If asked: You briefed these political parties about the risk in 2017. Why has this
incident occurred?
• We have been on the front foot when it comes to cyber security. Significant policies
and investments have been made to improve Australia’s resilience to cyber threats.
• The methods used by offenders are constantly evolving and Australia is constantly
exposed to cyber threats. And that’s why we must constantly evolve too.
• The parties have strengthened their cyber defences but no network is 100% secure.
Best practice is the ability to detect and remediate quickly, which is happening in
this case. This is a matter of preparing for both prevention and resilience.
If asked: Should the government provide more cyber security protection to political
parties?
• Protecting key public institutions from cyber threats is a key area of effort for the
Australian Cyber Security Centre, as part of the whole of economy focus.
• The Australian Cyber Security Centre (ACSC) has robust processes for responding
to all manner of cyber incidents.
• Noting the evolving threat environment, there are clear areas where we can do
more.
CLEARANCE
From: Amie Grierson <amie.grierson@oaic.gov.au>
Sent: Wednesday, 10 April 2019 8:35 AM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Subject: [SEC=UNCLASSIFIED]
Hi Amanda,
Who had the DPS stuff. Press clip today.
https://www.itnews.com.au/news/asd-confirms-data-stolen-in-parliament-it-breach-523595?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+
Thanks,
Amie
Part one is the 'statement' about a data breach required by section 26WK of the Privacy Act. If you are required to
notify individuals of the breach, in your notification to those individuals you must provide them with the information
you have entered into part one of the form.
The OAIC encourages entities to voluntarily provide additional information about the eligible data breach in part two of
this form. Part two of the form is optional, but the OAIC may need to contact you to seek further information if you do
not complete this part of the form.
Before completing this form, we recommend that you read our resource What to include in an eligible data breach
statement.
If you are unsure whether your entity has experienced an eligible data breach, you may wish to review the Identifying
eligible data breaches resource.
The OAIC will send an acknowledgement of your statement about an eligible data breach on receipt with a reference
number.
You can save this form at any point and return to complete it within 3 days. To save your form, click on the Save For
Later button on the top right-hand corner of this form. If you do not submit your saved form within 3 days, your saved
information will be permanently erased.
Refreshing your browser will clear any information that you have not saved. If you need to refresh your browser while
completing this form and wish to keep your changes, please save the form first.
We collect this information to consider and respond to your breach notification. We may use it to contact you.
More information about how the OAIC handles personal information is available in our privacy policy.
Hello
Please see attached letter. I discussed this issue with an Officer from the Department of Parliamentary Services last night.
To consider and discuss response.
Timothy
Timothy Pilgrim
Australian Information Commissioner
Australian Privacy Commissioner
Office of the Australian Information Commissioner
Level 3, 175 Pitt Street Sydney NSW 2001
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone +61 2 9284 9601 | Fax +61 2 9284 9723
timothy.pilgrim@oaic.gov.au
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Wednesday, 5 April 2017 10:27 AM
To: Timothy Pilgrim <timothy.pilgrim@oaic.gov.au>
Subject: Letter from Rob Stefanic (Secretary, Department of Parliamentary Services)
Dear Mr Pilgrim
Please find attached a letter from Mr Stefanic regarding a recent incident impacting mobile numbers of a number of
parliamentarians, their staff and former prime ministers.
A hard copy of the letter will follow in the mail.
Kind regards
Jayne
Jayne Harrison
Executive Assistant to the Secretary, Mr Rob Stefanic
T: 02 6277 5027 | E: Jayne.harrison@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
DBN17/00039 Baird, Amanda
08-Aug-2019 4:45 PM
Title
APH - Department of Parliamentary Services
Receipt Details
File Type: Privacy
Received Date: 05-Apr-2017 12:00 AM
Sub Type: Voluntary
Received By: Elphick, Amie
How Received:
Registered Date: 13-Apr-2017 11:43 AM
Owned By: Baird, Amanda
Registered By: Baird, Amanda
Closed Date: 27-Apr-2017 9:38 AM
Closed By: Baird, Amanda
Case Details
Stage: Closed
File Security: UNCLASSIFIED
Primary Client Group: Agency
Parent Case Entity Code: Data Breach Notification
Case PrimaryPerson: APH - Department of Parliamentary Services
DBN Date aware of incident: 20-Mar-2017
Case Outcome: no view required
Risk Rating: Low
Risk Rating Q2_A: Many (approx. 2-100)
MOU Flag: N/A
Date of Breach: 22-Dec-2016
Affected People Notified: Yes
Source of Breach (voluntary): Human error
Retention Class: OAIC RA 61986 (D2)
Child matter: No
Case Parties - 2
Notified By Client: APH - Department of Parliamentary Services
Notified By Contact: Stefanic, Rob
Summary
R notified of a data breach involving current and former Parliamentarian mobile phone numbers being published in expense reports on the Australian Parliament House
website. R advised this was due to a change in protocol of its telecommunications contractor. R advised affected individuals notified and assistance offered, reports
removed from website and that Google has deleted cached records. R is in ongoing review with contractor to prevent reoccurrence.
Thanked R for the information and asked for copy of review report once completed. NFA required.
Issues - 2
Issue Description: APP> APP 6 - Use or Disclosure CP
Is Primary Issue: Yes
Issue Type: Primary
-------------------------------------------------
Issue Description: APP> APP 11 - Security of Personal Information CP
Is Primary Issue: No
Issue Type: Primary
-------------------------------------------------
Actions - 10 (All Completed)
Action Owner Due Completed
Register Case Elphick, Amie 14-Apr-2017 13-Apr-2017
Move to DBN Allocation basket Elphick, Amie 14-Apr-2017 13-Apr-2017
Prepare and Send Acknowledgment Letter (DBN) Admin Officer 17-Apr-2017 13-Apr-2017, Elphick, Amie
Allocate DBN (Assessment) Allocation - DBN 14-Apr-2017 19-Apr-2017, Tilbrook, Luke
Assess Data Breach Notification Tilbrook, Luke 20-Apr-2017 19-Apr-2017: Proceed with DBN
R has notified that mobile phone numbers of current and former parliamentarians, staff, and prime ministers, were published by a contractor on the APH website on 22
December 2016. R became aware the information had been published on 20 March 2017 by a journalist. R immediately removed the information from the website,
contacting search engines to remove any cached versions. R also contacted the affected individuals, providing advice on changing numbers and dealing with unwanted
calls. R is working with the contractor to prevent disclosure from reoccurring, and to determine how the situation occurred.
Please contact R to request any further info
of how the situation occurred and of any further action R is taking with contractor to minimise reoccurrence.
Title
APH - Department of Parliamentary Services
Receipt Details
File Type: Privacy
Received Date: 29-Jul-2019 2:50 PM
Sub Type: NDB
Received By: Web Queue
How Received:
Registered Date: 29-Jul-2019 4:20 PM
Owned By: Allocation - DBN
Registered By: Allocation - DBN
Case Details
How Received: Website
File Security: UNCLASSIFIED
Primary Client Group: Agency
Parent Case Entity Code: Data Breach Notification
Case PrimaryPerson: APH - Department of Parliamentary Services
SmartForm Number: 20755831
Is Web Case: Yes
SmartForm XML: ...
Web Case Data:
DBN Date aware of incident: 24-Jul-2019
Confidential Informant: No
Date of Breach: 22-Jul-2019
Source of Breach (voluntary): Malicious or criminal attack
DBN NDB Global number of people affected: 1
DBN NDB Kind(s) of personal information involved: Financial details
DBN NDB Exact global number of people affected: 1
DBN NDB Description of action taken to assist: Contacted individual to advise of need to change passwords to any other sites where that password...
DBN NDB Description of action taken to prevent: Website blocks placed on domains associated with breach.
DBN NDB Description of eligible data breach: Disclosure of individuals personal information to a scammer as a result of a phishing campaign
DBN NDB Description of how the data breach occurred: Individual received email purporting to be from financial institution advising accounts had been ...
DBN NDB How do you intend to notify individuals: Individual already notified by phone
DBN NDB Recommended Steps: Contact the financial institution to place holds on accounts, reissue cards and reset credentials...
DBN NDB Kinds of personal information involved text: Netbanking logon details
DBN NDB Other entities affected YN: Yes
Case Parties - 3
Notified By Client: APH - Department of Parliamentary Services
Notified By Contact: Walker, John
Relevant Person: CBA - Commonwealth Bank of Australia Limited
Summary
Confirm details of notification
Actions - 4 (1 Open, 3 Completed)
Action Owner Due Completed
Register Case (NDB) Web Queue 30-Jul-2019 30-Jul-2019, Gouvatsos, Joseph
Send acknowledgement (NDB) Web Queue 31-Jul-2019 30-Jul-2019, Gouvatsos, Joseph
Move to DBN allocation (NDB) Web Queue 31-Jul-2019 30-Jul-2019, Gouvatsos, Joseph
Allocate assessment (NDB) Allocation - DBN 31-Jul-2019
Documents - 4
Title Date Added By
form-data.xml 29-Jul-2019 4:20 PM Gouvatsos, Joseph
form-receipt.pdf 29-Jul-2019 4:20 PM Gouvatsos, Joseph
NDB Acknowledgement Letter 30-Jul-2019 8:41 AM Gouvatsos, Joseph
DBN19 00701 2019-07 NDB Acknowledgement Letter [SEC=OFFICIAL] 30-Jul-2019 8:42 AM Gouvatsos, Joseph
Key messages
• The OAIC understands that the Department of Parliamentary Services (DPS) has experienced a
cyber incident involving the parliamentary computing network, and is receiving assistance from
the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC).
• The OAIC has not received a data breach notification from DPS. The DPS is exempt from the
operation of the Privacy Act and therefore from the Notifiable Data Breaches (NDB) scheme.
• However, this incident is a timely reminder for Australian Government agencies and organisations
to ensure they have robust information security measures in place to protect their personal
information holdings from data breaches and in particular, cyber security incidents.
• One of the key trends in notifications under the NDB scheme has been the increase in malicious or
criminal attacks involving personal information. As our latest quarterly statistical report sets out,
malicious or criminal attacks account for the majority of data breaches notified to the OAIC. Of
these kinds of attacks, most are the result of a cyber security incident.
Critical facts
• On 8 February 2019, media reports indicated that the Parliament computer network, maintained
by DPS, was subject to a cyber incident. 1
• The OAIC understands that the network is used by parliamentarians and their staff at both
Parliament House, electoral offices, interstate Commonwealth parliamentary offices as well as
DPS itself.
• DPS has publicly stated that it has reset the passwords for all participants in the network, and is
further investigating the data breach ‘in conjunction with the relevant security agencies’.
s 42
1 https://www.itnews.com.au/news/security-breach-strikes-parliaments-it-network-519035
s 42
• On 7 March 2019, DPS made a submission to the Joint Committee of Public Accounts and Audit
regarding its Cyber Resilience inquiry. 2 DPS’s submission confirmed that, in relation to the ACSC’s
Essential Eight strategies to mitigate cyber security incidents:
o it has implemented the Top Four strategies, with a priority program in place to obtain
maturity level 3 within the next 12 months
o of the remaining four strategies, ‘one has been fully implemented, one has been
implemented to level of approximately 70% and one is currently in pilot’
o the remaining Essential Eight strategy has not been implemented ‘due to the impact this
would have on the flexibility of systems and software used by parliamentarians’. DPS
advised this was being risk managed.
Document history
Updated by: Amanda Baird
Reason: April 2019 Senate Estimates
Approved by: n/a
Date: 18/3/2019
2 https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public_Accounts_and_Audit/CyberResilience/Submissions