
FOIREQ19/00173 001

From: Amanda Baird


To: OfficeOfTheSecretary@aph.gov.au
Subject: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Date: Thursday, 27 April 2017 9:34:00 AM
Attachments: image001.jpg
DBN17 00039 DPS 2017-4-27.pdf

Our reference: DBN17/00039


 
 
Dear Ms Harrison
 
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the
Department of Parliamentary Services.
 
Please find attached a response from the Office of the Australian Information Commissioner.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

 

 initiated a review of the ongoing contract with Telco Management, which has
identified further safeguards to prevent reoccurrence of this issue.

I note from Mr Stefanic’s letter that DPS’s review of the incident is ongoing. I would be
grateful if DPS would provide the OAIC with a copy of the review and any recommendations
once completed.

Thank you for drawing this incident to the OAIC’s attention.

Yours sincerely

Amanda Baird
Investigations Officer
Dispute Resolution Branch

27 April 2017


From: Office Of The Secretary (DPS)


To: Amanda Baird
Cc: Office Of The Secretary (DPS)
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Date: Monday, 26 June 2017 5:38:21 PM
Attachments: image002.png
image003.jpg
Letter to OIAC_report on data spill.pdf

Dear Ms Baird
 
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
 
Kind regards
 
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services

 
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Our reference: DBN17/00039
 
 
Dear Ms Harrison
 
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
 
Please find attached a response from the Office of the Australian Information Commissioner.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

***********************************************************************
WARNING: The information contained in this email may be confidential.
If you are not the intended recipient, any use or copying of any part
of this information is unauthorised. If you have received this email in
error, we apologise for any inconvenience and request that you notify
the sender immediately and delete all copies of this email, together
with any attachments.
***********************************************************************

From: Amanda Baird


To: Annan Boag; Andrew Solomon
Subject: FW: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Date: Tuesday, 27 June 2017 7:51:00 AM
Attachments: image002.png
image003.jpg
Letter to OIAC_report on data spill.pdf

Hi Annan and Andrew


 
FYI - attached is the report from DPS regarding the data breach the Secretary notified Timothy directly about. It’s been attached to
the file.
 
Thanks, Amanda
 
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Dear Ms Baird
 
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
 
Kind regards
 
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services

 
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Our reference: DBN17/00039
 
 
Dear Ms Harrison
 
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
 
Please find attached a response from the Office of the Australian Information Commissioner.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

***********************************************************************
WARNING: The information contained in this email may be confidential.
If you are not the intended recipient, any use or copying of any part
of this information is unauthorised. If you have received this email in
error, we apologise for any inconvenience and request that you notify
the sender immediately and delete all copies of this email, together
with any attachments.
***********************************************************************

From: Annan Boag


To: Amanda Baird; Andrew Solomon
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Date: Tuesday, 27 June 2017 8:14:06 AM
Attachments: image001.png
image002.jpg

Thanks Amanda. Could you please write a short email summarising key points to send to Angelene and Timothy attaching this
report? They asked me to keep them updated about this matter.
 
Annan
 
From: Amanda Baird
Sent: Tuesday, 27 June 2017 7:51 AM
To: Annan Boag <annan.boag@oaic.gov.au>; Andrew Solomon <andrew.solomon@oaic.gov.au>
Subject: FW: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Hi Annan and Andrew
 
FYI - attached is the report from DPS regarding the data breach the Secretary notified Timothy directly about. It’s been attached to
the file.
 
Thanks, Amanda
 
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Dear Ms Baird
 
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
 
Kind regards
 
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services

 
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Our reference: DBN17/00039
 
 
Dear Ms Harrison
 
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
 
Please find attached a response from the Office of the Australian Information Commissioner.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

From: Amanda Baird


To: Annan Boag
Subject: FW: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Date: Tuesday, 27 June 2017 10:43:00 AM
Attachments: image002.png
image003.jpg
Letter to OIAC_report on data spill.pdf

Hi Annan
 
The OAIC has received a full report from the Department of Parliamentary Services in relation to the data breach of parliamentary
staff and MPs’ phone numbers (see attached).
 
In summary, the Department has advised that at 12:20 pm on 20 March 2017, a Fairfax journalist alerted the Department that he
was able to obtain the names and phone numbers of parliamentarians and their staff from supposedly redacted
telecommunications reports published by the Department on the Australian Parliament House (APH) website. The Department
removed the telecommunications reports from the APH website by 1:20 pm that day. The Department also assessed that the only
major search engine that had cached the documents was Google, and took steps to confirm that Google had deleted the cached
versions that evening.
 
The Department confirmed with its vendor, Telco Management, that the reason for the data breach was a Telco Management
programmer’s decision to change the font colour of the information that was to be redacted, in order to meet a coding change
requested by TM to streamline the reports process. The Department confirmed that visual inspections by both Telco Management
and the Department did not detect that the information had not been completely redacted from the documents.
 
The Department assessed that there were 980 individual file downloads from the APH website from when the documents were
uploaded (22 December 2016), with 660 downloads originating from three IP addresses and the remaining downloads across 85 IP
addresses.
 
The Department was briefed by the relevant security and law enforcement agencies regarding potential security issues for
parliamentarians, and provided update briefings to key stakeholders. The Department also offered private briefings to affected
parliamentarians.
 
The Department has sought and received written assurances from Telco Management that it has changed its process and has
implemented additional controls for the preparation of redacted reports. The Department has also implemented further internal
controls to examine future reports before publishing on the APH website. The Department has decided to retain its contract with
Telco Management for these services.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

 
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Dear Ms Baird
 
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
 
Kind regards
 
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services

 
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Our reference: DBN17/00039
 
 
Dear Ms Harrison
 
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
 
Please find attached a response from the Office of the Australian Information Commissioner.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

***********************************************************************
WARNING: The information contained in this email may be confidential.
If you are not the intended recipient, any use or copying of any part
of this information is unauthorised. If you have received this email in
error, we apologise for any inconvenience and request that you notify
the sender immediately and delete all copies of this email, together
with any attachments.
***********************************************************************

From: Annan Boag


To: Timothy Pilgrim; Angelene Falk
Cc: Andrew Solomon; Amanda Baird
Subject: Department of Parliamentary Services data breach [DLM=For-Official-Use-Only]
Date: Tuesday, 27 June 2017 10:48:36 AM
Attachments: image002.png
image003.jpg
Letter to OIAC_report on data spill.pdf

Timothy, Angelene,
 
For your information, see attached the report of the Department of Parliamentary Services into the data breach involving MPs’
phone numbers.
 
A good summary of the report has been provided by Amanda, below.
 
We do not propose to take any further action on this matter.
 
Annan
 
From: Amanda Baird
Sent: Tuesday, 27 June 2017 10:44 AM
To: Annan Boag <annan.boag@oaic.gov.au>
Subject: FW: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Hi Annan
 
The OAIC has received a full report from the Department of Parliamentary Services in relation to the data breach of parliamentary
staff and MPs’ phone numbers (see attached).
 
In summary, the Department has advised that at 12:20 pm on 20 March 2017, a Fairfax journalist alerted the Department that he
was able to obtain the names and phone numbers of parliamentarians and their staff from supposedly redacted
telecommunications reports published by the Department on the Australian Parliament House (APH) website. The Department
removed the telecommunications reports from the APH website by 1:20 pm that day. The Department also assessed that the only
major search engine that had cached the documents was Google, and took steps to confirm that Google had deleted the cached
versions that evening.
 
The Department confirmed with its vendor, Telco Management, that the reason for the data breach was a Telco Management
programmer’s decision to change the font colour of the information that was to be redacted, in order to meet a coding change
requested by TM to streamline the reports process. The Department confirmed that visual inspections by both Telco Management
and the Department did not detect that the information had not been completely redacted from the documents.
 
The Department assessed that there were 980 individual file downloads from the APH website from when the documents were
uploaded (22 December 2016), with 660 downloads originating from three IP addresses and the remaining downloads across 85 IP
addresses.
 
The Department was briefed by the relevant security and law enforcement agencies regarding potential security issues for
parliamentarians, and provided update briefings to key stakeholders. The Department also offered private briefings to affected
parliamentarians.
 
The Department has sought and received written assurances from Telco Management that it has changed its process and has
implemented additional controls for the preparation of redacted reports. The Department has also implemented further internal
controls to examine future reports before publishing on the APH website. The Department has decided to retain its contract with
Telco Management for these services.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy
 
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Dear Ms Baird
 
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
 
Kind regards
 
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services

 
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Our reference: DBN17/00039
 
 
Dear Ms Harrison
 
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
 
Please find attached a response from the Office of the Australian Information Commissioner.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

***********************************************************************
WARNING: The information contained in this email may be confidential.
If you are not the intended recipient, any use or copying of any part
of this information is unauthorised. If you have received this email in
error, we apologise for any inconvenience and request that you notify
the sender immediately and delete all copies of this email, together
with any attachments.
***********************************************************************

From: Amanda Baird


To: Office Of The Secretary (DPS)
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Date: Tuesday, 27 June 2017 10:53:00 AM
Attachments: image001.jpg
image002.png

Dear Ms Craige
 
Thank you for the letter from Mr McKenzie. I note it refers to appendices that do not appear to be attached to the letter. Was
there another document that was intended to be provided?
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

 
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Dear Ms Baird
 
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
 
Kind regards
 
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services

 
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Our reference: DBN17/00039
 
 
Dear Ms Harrison
 
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
 
Please find attached a response from the Office of the Australian Information Commissioner.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 

From: Timothy Pilgrim


To: Annan Boag; Angelene Falk
Cc: Andrew Solomon; Amanda Baird
Subject: RE: Department of Parliamentary Services data breach [DLM=For-Official-Use-Only]
Date: Wednesday, 28 June 2017 10:47:09 AM
Attachments: image001.jpg
image003.jpg
image004.png

Hello Annan
 
Thanks for that. I agree no further action.
 
TP
 
Timothy Pilgrim
Australian Information Commissioner
Australian Privacy Commissioner
Office of the Australian Information Commissioner
Level 3, 175 Pitt Street Sydney NSW 2001
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone +61 2 9284 9601 | Fax +61 2 9284 9723
timothy.pilgrim@oaic.gov.au
 
 

 
 
From: Annan Boag
Sent: Tuesday, 27 June 2017 10:49 AM
To: Timothy Pilgrim <timothy.pilgrim@oaic.gov.au>; Angelene Falk <angelene.falk@oaic.gov.au>
Cc: Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>
Subject: Department of Parliamentary Services data breach [DLM=For-Official-Use-Only]
 
Timothy, Angelene,
 
For your information, see attached the report of the Department of Parliamentary Services into the data breach involving MPs’
phone numbers.
 
A good summary of the report has been provided by Amanda, below.
 
We do not propose to take any further action on this matter.
 
Annan
 
 
From: Amanda Baird
Sent: Tuesday, 27 June 2017 10:44 AM
To: Annan Boag <annan.boag@oaic.gov.au>
Subject: FW: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Hi Annan
 
The OAIC has received a full report from the Department of Parliamentary Services in relation to the data breach of parliamentary
staff and MPs’ phone numbers (see attached).
 
In summary, the Department has advised that at 12:20 pm on 20 March 2017, a Fairfax journalist alerted the Department that he
was able to obtain the names and phone numbers of parliamentarians and their staff from supposedly redacted
telecommunications reports published by the Department on the Australian Parliament House (APH) website. The Department
removed the telecommunications reports from the APH website by 1:20 pm that day. The Department also assessed that the only
major search engine that had cached the documents was Google, and took steps to confirm that Google had deleted the cached
versions that evening.
 
The Department confirmed with its vendor, Telco Management, that the reason for the data breach was a Telco Management
programmer’s decision to change the font colour of the information that was to be redacted, in order to meet a coding change
requested by TM to streamline the reports process. The Department confirmed that visual inspections by both Telco Management
and the Department did not detect that the information had not been completely redacted from the documents.
 
The Department assessed that there were 980 individual file downloads from the APH website from when the documents were
uploaded (22 December 2016), with 660 downloads originating from three IP addresses and the remaining downloads across 85 IP
addresses.
 
The Department was briefed by the relevant security and law enforcement agencies regarding potential security issues for
parliamentarians, and provided update briefings to key stakeholders. The Department also offered private briefings to affected
parliamentarians.
 
The Department has sought and received written assurances from Telco Management that it has changed its process and has
implemented additional controls for the preparation of redacted reports. The Department has also implemented further internal
controls to examine future reports before publishing on the APH website. The Department has decided to retain its contract with
Telco Management for these services.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

 
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Dear Ms Baird
 
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
 
Kind regards
 
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services

 
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Our reference: DBN17/00039
 
 
Dear Ms Harrison
 
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
 
Please find attached a response from the Office of the Australian Information Commissioner.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

***********************************************************************
WARNING: The information contained in this email may be confidential.
If you are not the intended recipient, any use or copying of any part
of this information is unauthorised. If you have received this email in
error, we apologise for any inconvenience and request that you notify
the sender immediately and delete all copies of this email, together
with any attachments.
***********************************************************************

From: Annan Boag


To: Amanda Baird
Subject: FW: Department of Parliamentary Services data breach [DLM=For-Official-Use-Only]
Date: Wednesday, 28 June 2017 10:50:21 AM
Attachments: image001.jpg
image003.jpg
image004.png

Thanks for the summary Amanda. If you haven’t already, could you please just reply thanking them for sending that through.
 
Annan
 
From: Timothy Pilgrim
Sent: Wednesday, 28 June 2017 10:47 AM
To: Annan Boag <annan.boag@oaic.gov.au>; Angelene Falk <angelene.falk@oaic.gov.au>
Cc: Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>
Subject: RE: Department of Parliamentary Services data breach [DLM=For-Official-Use-Only]
 
Hello Annan
 
Thanks for that. I agree no further action.
 
TP
 
Timothy Pilgrim
Australian Information Commissioner
Australian Privacy Commissioner
Office of the Australian Information Commissioner
Level 3, 175 Pitt Street Sydney NSW 2001
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone +61 2 9284 9601 | Fax +61 2 9284 9723
timothy.pilgrim@oaic.gov.au
 
 

 
 
From: Annan Boag
Sent: Tuesday, 27 June 2017 10:49 AM
To: Timothy Pilgrim <timothy.pilgrim@oaic.gov.au>; Angelene Falk <angelene.falk@oaic.gov.au>
Cc: Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>
Subject: Department of Parliamentary Services data breach [DLM=For-Official-Use-Only]
 
Timothy, Angelene,
 
For your information, see attached the report of the Department of Parliamentary Services into the data breach involving MPs’
phone numbers.
 
A good summary of the report has been provided by Amanda, below.
 
We do not propose to take any further action on this matter.
 
Annan
 
 
From: Amanda Baird
Sent: Tuesday, 27 June 2017 10:44 AM
To: Annan Boag <annan.boag@oaic.gov.au>
Subject: FW: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Hi Annan
 
The OAIC has received a full report from the Department of Parliamentary Services in relation to the data breach of parliamentary
staff and MPs’ phone numbers (see attached).
 
In summary, the Department has advised that at 12:20 pm on 20 March 2017, a Fairfax journalist alerted the Department that he
was able to obtain the names and phone numbers of parliamentarians and their staff from supposedly redacted
telecommunications reports published by the Department on the Australian Parliament House (APH) website. The Department
removed the telecommunications reports from the APH website by 1:20 pm that day. The Department also assessed that the only
major search engine that had cached the documents was Google, and took steps to confirm that Google had deleted the cached
versions that evening.
 
The Department confirmed with its vendor, Telco Management, that the reason for the data breach was a Telco Management
programmer’s decision to change the font colour of the information that was to be redacted, in order to meet a coding change
requested by TM to streamline the reports process. The Department confirmed that visual inspections by both Telco Management
and the Department did not detect that the information had not been completely redacted from the documents.
 
The Department assessed that there were 980 individual file downloads from the APH website from when the documents were
uploaded (22 December 2016), with 660 downloads originating from three IP addresses and the remaining downloads across 85 IP
addresses.
 
The Department was briefed by the relevant security and law enforcement agencies regarding potential security issues for
parliamentarians, and provided update briefings to key stakeholders. The Department also offered private briefings to affected
parliamentarians.
 
The Department has sought and received written assurances from Telco Management that it has changed its process and has
implemented additional controls for the preparation of redacted reports. The Department has also implemented further internal
controls to examine future reports before publishing on the APH website. The Department has decided to retain its contract with
Telco Management for these services.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

 
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Dear Ms Baird
 
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
 
Kind regards
 
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services

 
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Our reference: DBN17/00039
 
 
Dear Ms Harrison
 
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
 
Please find attached a response from the Office of the Australian Information Commissioner.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

***********************************************************************
WARNING: The information contained in this email may be confidential.
If you are not the intended recipient, any use or copying of any part
of this information is unauthorised. If you have received this email in
error, we apologise for any inconvenience and request that you notify
the sender immediately and delete all copies of this email, together
with any attachments.
***********************************************************************

From: Office Of The Secretary (DPS)


To: Amanda Baird
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Date: Wednesday, 28 June 2017 3:34:32 PM
Attachments: image002.png
image003.jpg
DPS Report on Data Spill and Disclosure of Parliamentarian and Staff Mobile Numbers.pdf

Hi Amanda
 
My sincere apologies.  Full report now attached.
 
Kind regards
Linda
 
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services

 
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Tuesday, 27 June 2017 10:53 AM
To: Office Of The Secretary (DPS)
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Dear Ms Craige
 
Thank you for the letter from Mr McKenzie. I note it refers to appendices that do not appear to be attached to the letter. Was
there another document that was intended to be provided?
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

 
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Monday, 26 June 2017 5:38 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Cc: Office Of The Secretary (DPS) <OfficeOfTheSecretary@aph.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Dear Ms Baird
 
Please find attached a letter from Mr Ian McKenzie, Acting Chief Information Officer, providing a copy of the DPS report on data
spill of parliamentarians and staff mobile numbers.
 
Kind regards
 
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services

 

From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]


Sent: Thursday, 27 April 2017 9:34 AM
To: Office Of The Secretary (DPS)
Subject: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Our reference: DBN17/00039
 
 
Dear Ms Harrison
 
I refer to Mr Stefanic’s letter of 5 April 2017 regarding a data breach incident involving the Department of Parliamentary Services.
 
Please find attached a response from the Office of the Australian Information Commissioner.
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

From: Amanda Baird


To: Office Of The Secretary (DPS)
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
Date: Wednesday, 28 June 2017 3:38:00 PM
Attachments: image001.jpg
image002.png

Our reference: DBN17/00039


 
 
Dear Ms Craige
 
Thank you very much for the full report, and for keeping our office updated.
 
Kind regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy

 
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Wednesday, 28 June 2017 3:34 PM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Hi Amanda
 
My sincere apologies.  Full report now attached.
 
Kind regards
Linda
 
Linda Craige
Executive Officer | Office of the Secretary, Mr Rob Stefanic
T: 02 6277 2507 | E: linda.craige@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600
Department of Parliamentary Services

 
From: Amanda Baird [mailto:amanda.baird@oaic.gov.au]
Sent: Tuesday, 27 June 2017 10:53 AM
To: Office Of The Secretary (DPS)
Subject: RE: HPRM: DBN17/00039 - Department of Parliamentary Services [SEC=UNCLASSIFIED]
 
Dear Ms Craige
 
Thank you for the letter from Mr McKenzie. I note it refers to appendices that do not appear to be attached to the letter. Was
there another document that was intended to be provided?
 
Regards,
 
Amanda Baird | Investigations Officer | Dispute Resolution
Office of the Australian Information Commissioner
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone: + 61 2 8231 4226 | Fax: + 61 2 9284 9666 | amanda.baird@oaic.gov.au
 
Protecting information rights – advancing information policy
s 42

s 42


From: Amanda Baird


To: Amie Grierson
Subject: DPS data breach brief [SEC=UNCLASSIFIED]
Date: Wednesday, 13 February 2019 11:52:00 AM

Hi Amie
 
For your review – the brief on the DPS data breach D2019/001313. The news articles quote a
joint statement by the Senate President and the Speaker, but it doesn’t appear to have been
made public.
 
Thanks, Amanda
 

From: Amie Grierson


To: Andrew Solomon; DRclearance
Cc: Amanda Baird; Caren Whip
Subject: FOR CLEARANCE: Brief [SEC=UNCLASSIFIED]
Date: Wednesday, 13 February 2019 2:03:54 PM

Hi Andrew,
 
Please find the additional brief on the DPS data breach  D2019/001313 for your clearance,
prepared by Amanda and cleared by me.
 
I am not sure how much detail Angelene will require. s 42
s 42

Thanks,

Amie

From: Amie Grierson


To: Angelene Falk; Lorraine Nurney
Cc: Brenton Attard; Elizabeth Hampton; Melanie Drayton; Andrew Solomon; Amanda Baird; Sarah Ghali
Subject: RE: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
Date: Wednesday, 13 February 2019 9:02:03 PM
Attachments: image001.jpg
image002.png
image003.png
image004.png
image005.png

Dear Angelene,
 
We have now updated the NDB overview brief D2019/000838 to include s 22 and a brief reference to the
Department of Parliamentary Services cyber incident (the subject of a separate brief). The NDB overview brief is now for your further approval.

s 22

The additional brief relating to the Dept of Parliamentary Services cyber incident is awaiting clearance by Andrew. D2019/001313
 
Lorraine – Could you please s 22 add
the DPS Cyber Incident brief to Folder A and the index.
 
Many thanks to Amanda for her work on these briefs.
 
Thanks,

Amie
 
 
Topic Who TRIM link
February 2019
Com brief – DPS Cyber incident | Amie Grierson | D2019/001313 | With Andrew for approval. | Awaiting clearance with AS. Lorraine to add to index/Folder A.
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | For approval
s 22

 
 
 
 
From: Angelene Falk <angelene.falk@oaic.gov.au>
Sent: Wednesday, 13 February 2019 4:54 PM
To: Lorraine Nurney <lorraine.nurney@oaic.gov.au>; Amie Grierson <amie.grierson@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Ying Chin <ying.chin@oaic.gov.au>; Caitlin Rees <caitlin.rees@oaic.gov.au>
Subject: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
 
Hi Lorraine
 
Here is where the briefs are up to from these lists ( I will now work on the next list!). Everyone who has information that needs to be resubmitted has been
advised.

s 22

Many thanks
 
Angelene
 
 
Topic Who TRIM link
February 2019

s 22

 
Topic Who TRIM link                                                                                                    13 Feb
February 2019
s 22

Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | Amie wanted to add to this
s 22

 
 
  Angelene Falk  |  Australian Information Commissioner and Privacy Commissioner
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001  |  oaic.gov.au
+61 2 9284 9651  | +61 418 270 427 |  angelene.falk@oaic.gov.au



 
 

From: Angelene Falk


To: Amie Grierson; Lorraine Nurney
Cc: Brenton Attard; Elizabeth Hampton; Melanie Drayton; Andrew Solomon; Amanda Baird; Sarah Ghali
Subject: RE: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
Date: Wednesday, 13 February 2019 9:12:21 PM
Attachments: image001.jpg
image002.png
image003.png
image004.png
image005.png

Thank you!
 
From: Amie Grierson <amie.grierson@oaic.gov.au>
Sent: Wednesday, 13 February 2019 9:02 PM
To: Angelene Falk <angelene.falk@oaic.gov.au>; Lorraine Nurney <lorraine.nurney@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>; Sarah Ghali <sarah.ghali@oaic.gov.au>
Subject: RE: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
 
Dear Angelene,
 
We have now updated the NDB overview brief D2019/000838 to include s 22 and a brief reference to the
Department of Parliamentary Services cyber incident (the subject of a separate brief). The NDB overview brief is now for your further approval.
 
s 22

The additional brief relating to the Dept of Parliamentary Services cyber incident is awaiting clearance by Andrew. D2019/001313
 
Lorraine – Could you please s 22 add
the DPS Cyber Incident brief to Folder A and the index.
 
Many thanks to Amanda for her work on these briefs.
 
Thanks,

Amie
 
 
Topic Who TRIM link
February 2019
Com brief – DPS Cyber incident | Amie Grierson | D2019/001313 | With Andrew for approval. | Awaiting clearance with AS. Lorraine to add to index/Folder A.
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | For approval
s 22

 
 
 
 
From: Angelene Falk <angelene.falk@oaic.gov.au>
Sent: Wednesday, 13 February 2019 4:54 PM
To: Lorraine Nurney <lorraine.nurney@oaic.gov.au>; Amie Grierson <amie.grierson@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Ying Chin <ying.chin@oaic.gov.au>; Caitlin Rees <caitlin.rees@oaic.gov.au>
Subject: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
 
Hi Lorraine
 
Here is where the briefs are up to from these lists ( I will now work on the next list!). Everyone who has information that needs to be resubmitted has been
advised.
 
s 22

s 22
 
Many thanks
 
Angelene
 
 
Topic Who TRIM link
February 2019
s 22

 
Topic Who TRIM link                                                                                                    13 Feb
February 2019
s 22

Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | Amie wanted to add to this
s 22

 
  Angelene Falk  |  Australian Information Commissioner and Privacy Commissioner
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001  |  oaic.gov.au
+61 2 9284 9651  | +61 418 270 427 |  angelene.falk@oaic.gov.au



 
 

From: Elizabeth Hampton


To: Amie Grierson; Angelene Falk; Lorraine Nurney
Cc: Brenton Attard; Melanie Drayton; Andrew Solomon; Amanda Baird; Sarah Ghali
Subject: RE: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
Date: Wednesday, 13 February 2019 9:18:05 PM
Attachments: image001.jpg
image002.png
image003.png
image004.png
image005.png

Thanks Amie (and I agree, Amanda’s been awesome with all of them!)
 
From: Amie Grierson <amie.grierson@oaic.gov.au>
Sent: Wednesday, 13 February 2019 9:02 PM
To: Angelene Falk <angelene.falk@oaic.gov.au>; Lorraine Nurney <lorraine.nurney@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>; Sarah Ghali <sarah.ghali@oaic.gov.au>
Subject: RE: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
 
Dear Angelene,
 
We have now updated the NDB overview brief D2019/000838 to include s 22 , and a brief reference to the
Department of Parliamentary Services cyber incident (the subject of a separate brief). The NDB overview brief is now for your further approval.
 
s 22

The additional brief relating to the Dept of Parliamentary Services cyber incident is awaiting clearance by Andrew. D2019/001313
 
Lorraine – Could you please s 22 please add
the DPS Cyber Incident brief to Folder A and the index.
 
Many thanks to Amanda for her work on these briefs.
 
Thanks,

Amie
 
 
Topic Who TRIM link
February 2019
Com brief – DPS Cyber incident | Amie Grierson | D2019/001313 | With Andrew for approval. | Awaiting clearance with AS. Lorraine to add to index/Folder A.
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | For approval
s 22

 
 
 
From: Angelene Falk <angelene.falk@oaic.gov.au>
Sent: Wednesday, 13 February 2019 4:54 PM
To: Lorraine Nurney <lorraine.nurney@oaic.gov.au>; Amie Grierson <amie.grierson@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Ying Chin <ying.chin@oaic.gov.au>; Caitlin Rees <caitlin.rees@oaic.gov.au>
Subject: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
 
Hi Lorraine
 
Here is where the briefs are up to from these lists ( I will now work on the next list!). Everyone who has information that needs to be resubmitted has been
advised.
 
s 22

s 22
 
Many thanks
 
Angelene
 
 
Topic Who TRIM link
February 2019
s 22

 
Topic Who TRIM link                                                                                                    13 Feb
February 2019
s 22
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | Amie wanted to add to this
s 22

 
  Angelene Falk  |  Australian Information Commissioner and Privacy Commissioner
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001  |  oaic.gov.au
+61 2 9284 9651  | +61 418 270 427 |  angelene.falk@oaic.gov.au



 
 

From: Amanda Baird


To: Amie Grierson
Subject: RE: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
Date: Thursday, 14 February 2019 9:32:00 AM
Attachments: image001.jpg
image002.png
image003.png
image004.png
image005.png

Hi Amie
 
s 22
 
Thanks, Amanda
 
From: Angelene Falk <angelene.falk@oaic.gov.au>
Sent: Wednesday, 13 February 2019 9:12 PM
To: Amie Grierson <amie.grierson@oaic.gov.au>; Lorraine Nurney <lorraine.nurney@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>; Sarah Ghali <sarah.ghali@oaic.gov.au>
Subject: RE: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
 
Thank you!
 
From: Amie Grierson <amie.grierson@oaic.gov.au>
Sent: Wednesday, 13 February 2019 9:02 PM
To: Angelene Falk <angelene.falk@oaic.gov.au>; Lorraine Nurney <lorraine.nurney@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Amanda Baird <amanda.baird@oaic.gov.au>; Sarah Ghali <sarah.ghali@oaic.gov.au>
Subject: RE: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
 
Dear Angelene,
 
We have now updated the NDB overview brief D2019/000838 to include s 22 , and a brief reference to the
Department of Parliamentary Services cyber incident (the subject of a separate brief). The NDB overview brief is now for your further approval.
 
s 22

 
The additional brief relating to the Dept of Parliamentary Services cyber incident is awaiting clearance by Andrew. D2019/001313
 
s 22
 
Many thanks to Amanda for her work on these briefs.
 
Thanks,

Amie
 
 
Topic Who TRIM link
February 2019
Com brief – DPS Cyber incident | Amie Grierson | D2019/001313 | With Andrew for approval. | Awaiting clearance with AS. Lorraine to add to index/Folder A.
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | For approval
s 22

 
 
 
 
From: Angelene Falk <angelene.falk@oaic.gov.au>
Sent: Wednesday, 13 February 2019 4:54 PM
To: Lorraine Nurney <lorraine.nurney@oaic.gov.au>; Amie Grierson <amie.grierson@oaic.gov.au>
Cc: Brenton Attard <brenton.attard@oaic.gov.au>; Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>; Melanie Drayton <melanie.drayton@oaic.gov.au>;
Andrew Solomon <andrew.solomon@oaic.gov.au>; Ying Chin <ying.chin@oaic.gov.au>; Caitlin Rees <caitlin.rees@oaic.gov.au>
Subject: Status on Briefs: question for Amie [SEC=UNCLASSIFIED]
 
Hi Lorraine
 
Here is where the briefs are up to from these lists ( I will now work on the next list!). Everyone who has information that needs to be resubmitted has been
advised.
 
s 22

Many thanks
 
Angelene
 
 
Topic Who TRIM link
February 2019
s 22

 
Topic Who TRIM link                                                                                                    13 Feb
February 2019
Resubmitted Question for Melanie within on rep Approved
Com brief - Facebook Amie Grierson
D2019/000868 complaint
Com brief - NDB overview (renamed) | Amie Grierson | D2019/000838 | Resubmitted | Amie wanted to add to this
s 22

 
 
  Angelene Falk  |  Australian Information Commissioner and Privacy Commissioner
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001  |  oaic.gov.au
+61 2 9284 9651  | +61 418 270 427 |  angelene.falk@oaic.gov.au



 
 

From: Amie Grierson


To: Angelene Falk; Elizabeth Hampton; Melanie Drayton; Andrew Solomon
Cc: Amanda Baird; Sophie Higgins
Subject: File note ACSC conference call [DLM=For-Official-Use-Only]
Date: Monday, 18 February 2019 2:32:44 PM

Hi Angelene,
 
Here is a file note of the call this morning.
 
I would note in particular that the information at times seemed slightly ambiguous about what
might have been accessed/vulnerable vs what was removed from the various systems.
 
From our perspective, we would hope that the entities who have NDB obligations focus on their
obligation to assess any ‘data breach’. A data breach can include access to data, and doesn’t
necessarily need to involve exfiltration from the system to constitute an eligible data breach.
Hopefully as the matters move forward we will receive more detailed information about what
has occurred and can form some views around eligibility at this later stage (noting of course that
a range of entities may not have obligations under the scheme).

Thanks,

Amie
 
Teleconference: Cyber Incident briefing
 
· OAIC attended a call with the ACSC, and various representatives from ASD, ASIO, the
AEC, APSC, State electoral commissions, and representatives from other Fed Govt
agencies.  
· The ACSC noted the Department of Parliamentary Services incident, referred to in media
over the past weeks.
· While working on this matter, the ACSC had identified tendrils that stretched across to
major political parties.
· At midday the PM will be providing an address about the matter, with a response to
follow from the Opposition leader. Contents of call embargoed until after the
announcement.
· The incident has directly targeted political parties.
· The ACSC advised on their actions to date.
· The information in the call was on an unclassified line so not all details could be
provided.
· However, the ACSC could say that as a result of the DPS incident, they had seen broader
connectivity between various networks and an adversary’s infrastructure, with targets
across the major political parties.
· The ACSC was continuing to work with the political parties to respond to the attack.
· The ACSC will provide a technical briefing pack shortly.
· ACSC are providing a technical tool to the relevant IT security areas/persons.
· For those who might be provided the tool, do not be too alarmed if it gives an alert, as
the tool casts a broad net.
· Concerned that it is an issue across States and Territories, hence the involvement of the
relevant electoral commissions.
· Evidence that the ‘adversary’ was communicating with infrastructure.
· Attack targeted departments and political parties.
· Some of the information held by the entities is highly sensitive.
· State Govt Chief Information Security Officers (CISOs) had been contacted.
· Briefings within PM&C.
· Noted there was no evidence of electoral interference or evidence of specific foreign
interference.
· Are treating it as a cyber-incident at this stage.
· Talking points will be distributed just after the address to parliament starts.
· ACSC are continuing to provide briefings to political parties and assist them with
technical support.
· The ACSC noted for the OAIC that personal information has been compromised.
· OAIC asked whether there was evidence of exfiltration, and were advised no evidence of
this at this stage.
· ACSC will be promulgating the security tool, and advising on actions to take to address
the risks.
 
 

From: Amie Grierson


To: Amanda Baird
Subject: FW: FOR INFORMATION: Whole of Government talking points V10 - Cyber Security [DLM=For-Official-Use-Only]
Date: Thursday, 21 February 2019 12:03:25 PM
Attachments: 20190221 WoG TPs cyber security incident V10.docx

 
 
From: Angelene Falk <angelene.falk@oaic.gov.au>
Sent: Thursday, 21 February 2019 11:35 AM
To: Andrew Solomon <andrew.solomon@oaic.gov.au>; Amie Grierson
<amie.grierson@oaic.gov.au>
Cc: Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>
Subject: Fwd: FOR INFORMATION: Whole of Government talking points V10 - Cyber Security
[DLM=For-Official-Use-Only]
 
 
Get Outlook for iOS
 

From: Media Operations <media@homeaffairs.gov.au>


Sent: Thursday, February 21, 2019 1:27 pm
To: Peter Wardle; Chris TEAL; Mark Simkin; Mark Simkin; ECANZ Secretariat; Tom Rogers; Cath
Patterson; Finance Media; Trevor Jones; Ramzi Jabbour (AFP); Julie Igglesden; Karl Hanmore; Neil
Gaughan (AFP); Tobias Feakin (DFAT); Angelene Falk; Cameron ASHE; Cameron Archer (DFAT);
Justin Bassi; Sandra Bradley; ian.nicholas@finance.gov.au; stein.helgeby@finance.gov.au;
jeff.pope@protected.aec.gov.au; timmc@agd.gov.au; vicki.middleton@communications.gov.au;
kathryn.mcmullan@ona.gov.au; peter.rush@pmc.gov.au; lucinda.atkinson@ag.gov.au;
jenny.allen@pmc.gov.au; MACGIBBON Alastair; kelly.manaog@finance.gov.au;
louise.bechtel@defence.gov.au; Charles Burnard (DFAT)
Cc: Media Operations; ACIC media; AFP National Media [AFP]; AGD Media; Ahmad SHAH; Alastair
MACGIBBON; ASD Assist; ASD Stratcomms; ASIO Media; Christopher ROBERTSON; Defence
Media; Media (DFAT); Greg MILLER; John HULIN; Kendra MORONY; PM&C Media; Tracy
HEFFERNAN; media@humanservices.gov.au; media@industry.gov.au;
communication@aph.gov.au; Katrina PULLEN; Alex ZOTTI; Rachel DAVIES; Kane MURRANT
Subject: FOR INFORMATION: Whole of Government talking points V10 - Cyber Security
[DLM=For-Official-Use-Only]
 

For-Official-Use-Only

Good morning,
 
Please find attached version 10 of the Whole of Government talking points following the Prime
Minister’s statement this week on the recent cyber security incident.
 
Kind regards,
 
George Cross
National Security and Crisis Communication
Portfolio Media and Engagement Branch
Department of Home Affairs  
Ext: 659426 |Media Line: 02 6264 2244
Email: media@homeaffairs.gov.au

For-Official-Use-Only

Important Notice: The content of this email is intended only for use by the individual or
entity to whom it is addressed. If you have received this email by mistake, please advise
the sender and delete the message and attachments immediately.  This email, including
attachments, may contain confidential, sensitive, legally privileged and/or copyright
information.  

Any review, retransmission, dissemination or other use of this information by persons or
entities other than the intended recipient is prohibited.  The Department of Home Affairs
and ABF respect your privacy and have obligations under the Privacy Act 1988.

Unsolicited commercial emails MUST NOT be sent to the originator of this email.

For Official Use Only

• Political and government networks are persistent targets of malicious cyber activity.

• The Australian Government takes a proactive and coordinated approach to
protecting Australia’s sovereignty, economy and national security – particularly to
guard Australia’s networks from malicious cyber actors. That is why the
Government has invested in cyber security, including strengthening the Australian
Cyber Security Centre by bringing all of the Australian Government’s cyber security
capability together in one place (July 2018).

• We have also taken a proactive approach to protecting our elections from any
threats of foreign interference, including through the establishment of a
multi-agency electoral integrity assurance task force.

If asked: Who is behind this malicious cyber activity?

• Our cyber experts believe that a sophisticated state actor is responsible for this
malicious activity.

• It would be too early to speculate on the specific offender – our immediate focus
has been on securing the networks, protecting victims and conducting
ongoing investigations.

• Proper and accurate attribution of a cyber incident takes time and any attribution
would be done in a measured fashion.

• The public can rest assured that our security and intelligence agencies have
identified the malicious activity and are responding appropriately.

If asked: When did you discover the compromise? How long has the actor been
inside the networks? Are they now out of the network?

• As a matter of long standing practice, we do not comment on intelligence matters or
operational details, particularly when victims are involved. We are being as
transparent as we can be but that doesn’t include providing commentary on ongoing
operational detail.

• Our agencies are continuing to work with the parties to investigate the full extent of
the compromise. The necessary steps are being taken to secure the networks and
protect users.

If asked: How did the actor access the networks - through DPS?

• I can confirm the incidents are related but will not go into operational details.


If asked: Is it a sophisticated attack?

• The actor was sophisticated enough to gain access to the networks but not
sophisticated enough to avoid detection.

If asked: Has this undermined upcoming elections?

• Our political system and our democracy remain strong, vibrant and protected.

• Multiple measures have been implemented including the establishment of a
taskforce that is protecting the integrity of our electoral system.

• There is currently no evidence of foreign interference in our electoral system.

• We, of course, would like to prevent as much malicious cyber activity as possible
but the key is to ensure our systems are resilient. We have detected this intrusion
and are dealing with it.

If asked: Is the electoral roll safe?

• We believe the electoral roll is safe, but as noted, investigations are ongoing.
Australians should be reassured that our Agencies discovered the breach of the
parties’ networks and acted decisively.

If asked: How significant was the penetration? Did the actor take anything
from anyone?

• At this stage there is no evidence of anything being stolen.

• All cyber intrusions are of course concerning. This incident again shows that
Australia and Australians are targeted by malicious actors. But we have resilient
systems in place to give us the best chance to detect such activity.

• The positive here is that we have appropriate systems in place and our agencies
have detected the activity and are securing the networks. This is about keeping our
public and institutions safe.

If asked: Did the actor get into other government systems?

• ASIO, the Australian Signals Directorate and Australian Cyber Security Centre are
working together around the clock to understand the full extent of this incident.

• It is early in the investigation. The necessary steps are being taken to secure the
networks and protect users.

FOIREQ19/00173 086

If asked: Do you expect sensitive or embarrassing material to be released by the
actor?

• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.

If asked: Why did the Government decide to announce this incident now?

• The Government has chosen to be transparent about these matters.

• The decision to announce the cyber security incident is consistent with the intent to
take a proactive stance against malicious cyber activity.

• There is no evidence of foreign interference in our electoral system or evidence of
anything being stolen.

If asked: How will the Government respond if material is used to interfere with
elections?

• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.

• Multiple measures have been implemented including the establishment of a
taskforce that is protecting the integrity of our electoral system.

If asked: Is this the same as the DNC hack?

• It would be too early to speculate on the precise nature of how these organisations
have been affected, our immediate focus has been on securing the networks and
protecting victims.

If asked: Have other entities been affected and can you rule out even more
compromises?

• Our immediate priority has been securing these networks and we are working to
understand the full extent of this incident.

• This is about ensuring we work with the victims so the appropriate action can be
taken and to inform the public of a security matter and to reassure them that action
is being taken.

If asked: You briefed these political parties about the risk in 2017. Why has this
incident occurred?

FOIREQ19/00173 087

• We have been on the front foot when it comes to cyber security. Significant policies
and investments have been made to improve Australia’s resilience to cyber threats.

• The methods used by offenders are constantly evolving and Australia is constantly
exposed to cyber threats. And that’s why we must constantly evolve too.

• The parties have strengthened their cyber defences but no network is 100% secure.
Best practice is the ability to detect and remediate quickly, which is happening in
this case. This is a matter of preparing for both prevention and resilience.

If asked: Should the government provide more cyber security protection to political
parties?

• The Government has supported practical cross-agency initiatives to support the
integrity of our democratic institutions, including:

o the provision of $300,000 grants to the four largest parliamentary parties to
improve the security of voter information held by those parties; and

o the establishment of a taskforce that is protecting the integrity of our
electoral system.

• Protecting key public institutions from cyber threats is a key area of effort for the
Australian Cyber Security Centre, as part of the whole of economy focus.

If asked: Is the Government adequately prepared to respond to a serious
cyber incident?

• The Australian Cyber Security Centre (ACSC) has robust processes for responding
to all manner of cyber incidents.

• Noting the evolving threat environment, there are clear areas where we can
do more.

• The ACSC continues to work closely across governments, industry and
academia to ensure the Government’s cyber efforts keep pace with the fast
changing cyber environment.

If asked: What has the Government done to strengthen cyber security?

• Strengthening our cyber security capabilities has been a high priority for the
Government. Since 2013 we have:

o committed $230 million under the 2016 Cyber Security Strategy, including for
strong cyber defences and cyber security innovation

o this is in addition to the $300–400 million, over the next ten years,
announced in the 2016 Defence White Paper to improve Defence’s
cybersecurity capabilities

FOIREQ19/00173 088

o we’ve established the Australian Signals Directorate as a statutory
agency; and

o gathered all of our cyber security capability within the one location in the
Australian Cyber Security Centre (at Brindabella Park, July 2018) to enhance
integration and inter-operability.

If asked: Are Australia and its Five-Eyes partners conducting a global hunt
operation to find the hackers?

• Sharing intelligence as it relates to national security is standard practice in our
long-standing cooperation arrangements with our Five Eyes intelligence partners.

If asked: Should political parties be subject to data protection obligations under the
Privacy Act?

• Since 2000, the Privacy Act has contained an exemption for members of the
Australian Parliament, local government councillors and registered political parties,
and their volunteers and contractors, in relation to specified kinds of political acts
and practices.

• The exemption is designed to encourage freedom of political communication and
support the operation of the electoral and political process.

CLEARANCE

Cleared by: Kendra Morony
Title: AS CSPD, Home Affairs
Time/Date cleared: 0900, 21/02/2019

FOIREQ19/00173 089

From: Brenton Attard
To: Leadership
Cc: Lorraine Nurney
Subject: [For action] Commissioner briefs for April 2019 Budget Estimates hearing [SEC=UNCLASSIFIED]
Date: Tuesday, 5 March 2019 8:17:44 PM
Attachments: Commissioner brief - Sample Layout.DOCX
Importance: High

Dear Leadership,
 
As you may be aware, the OAIC is scheduled to appear before the April 2019 Budget Estimates hearing commencing on 4 April 2019.
 
Below are details on the required briefs.
s 22

Brief topic | Responsible officer | TRIM link April 2019
s 22
s 22
s 22
Com brief - NDB overview | Amie Grierson | D2019/002125
s 22
FOIREQ19/00173 090
FOIREQ19/00173 091

From: Amie Grierson
To: Amanda Baird
Subject: FW: FOR INFORMATION: Whole of Government talking points V12 - Cyber Security [DLM=For-Official-Use-Only]
Date: Wednesday, 20 March 2019 1:41:36 PM
Attachments: 20190222 WoG TPs cyber security incident V12.docx
Fwd FOR INFORMATION Whole of Government talking points V10 - Cyber Security DLMFor-Official-Use-Only.msg
Fwd FOR INFORMATION Whole of Government talking points V9 - Cyber Security DLMFor-Official-Use-Only.msg
Fwd FOR INFORMATION Whole of Government talking points V8 - Cyber Security Incident DLMFor-Official-Use-Only.msg

 
 
From: Angelene Falk <angelene.falk@oaic.gov.au>
Sent: Friday, 22 February 2019 10:10 PM
To: Amie Grierson <amie.grierson@oaic.gov.au>; Andrew Solomon
<andrew.solomon@oaic.gov.au>
Cc: Elizabeth Hampton <elizabeth.hampton@oaic.gov.au>
Subject: FW: FOR INFORMATION: Whole of Government talking points V12 - Cyber Security
[DLM=For-Official-Use-Only]
 
 
 
From: Media Operations <media@homeaffairs.gov.au>
Sent: Friday, 22 February 2019 5:06 PM
To: Peter Wardle <Peter.Wardle@defence.gov.au>; Chris TEAL
<Chris.Teal@homeaffairs.gov.au>; Mark Simkin <Mark.Simkin@defence.gov.au>; Mark Simkin
<Mark.Simkin@defence.gov.au>; ECANZ Secretariat <ECANZ.Secretariat@aec.gov.au>; Tom
Rogers <Tom.Rogers@aec.gov.au>; Cath Patterson <Cath.Patterson@pmc.gov.au>; Finance
Media <media@finance.gov.au>; Trevor Jones <Trevor.Jones@pmc.gov.au>; Ramzi Jabbour
(AFP) <ramzi.jabbour@afp.gov.au>; Julie Igglesden <Julie.Igglesden@aec.gov.au>; Karl Hanmore
<Karl.Hanmore@defence.gov.au>; Neil Gaughan (AFP) <Neil.Gaughan@afp.gov.au>; Tobias
Feakin (DFAT) <Tobias.Feakin@dfat.gov.au>; Angelene Falk <angelene.falk@oaic.gov.au>;
Cameron ASHE <Cameron.Ashe@homeaffairs.gov.au>; Cameron Archer (DFAT)
<Cameron.Archer@dfat.gov.au>; Justin Bassi <Justin.Bassi@ona.gov.au>; Sandra Bradley
<Sandra.Bradley@defence.gov.au>; ian.nicholas@finance.gov.au; stein.helgeby@finance.gov.au;
jeff.pope@protected.aec.gov.au; timmc@agd.gov.au; vicki.middleton@communications.gov.au;
kathryn.mcmullan@ona.gov.au; peter.rush@pmc.gov.au; lucinda.atkinson@ag.gov.au;
jenny.allen@pmc.gov.au; MACGIBBON Alastair <Alastair.MACGIBBON@defence.gov.au>;
Kelly.Manaog@finance.gov.au; louise.bechtel@defence.gov.au; Charles Burnard (DFAT)
<Charles.Burnard@dfat.gov.au>; 'david.george13@defence.gov.au'
<david.george13@defence.gov.au>
Cc: Media Operations <media@homeaffairs.gov.au>; ACIC media <media@acic.gov.au>; AFP
National Media [AFP] <afpnationalmedia@afp.gov.au>; AGD Media <media@ag.gov.au>; Ahmad
SHAH <AHMAD.SHAH@HOMEAFFAIRS.GOV.AU>; Alastair MACGIBBON
<Alastair.MacGibbon@homeaffairs.gov.au>; ASD Assist <asd.assist@defence.gov.au>; ASD
Stratcomms <asd.stratcomms@defence.gov.au>; ASIO Media <media@asio.gov.au>;
Christopher ROBERTSON <CHRISTOPHER.ROBERTSON@HOMEAFFAIRS.GOV.AU>; Defence Media
<media@defence.gov.au>; Media (DFAT) <Media@dfat.gov.au>; Greg MILLER
<GREGORY.MILLER@HOMEAFFAIRS.GOV.AU>; John HULIN <John.Hulin@homeaffairs.gov.au>;
FOIREQ19/00173 092
Kendra MORONY <KENDRA.MORONY@HOMEAFFAIRS.GOV.AU>; PM&C Media
<media@pmc.gov.au>; Tracy HEFFERNAN <TRACY.HEFFERNAN@HOMEAFFAIRS.GOV.AU>;
media@humanservices.gov.au; media@industry.gov.au; Communication@aph.gov.au; Katrina
PULLEN <KATRINA.PULLEN@HOMEAFFAIRS.GOV.AU>; Alex ZOTTI
<ALEXANDER.ZOTTI@HOMEAFFAIRS.GOV.AU>; Rachel DAVIES
<RACHEL.DAVIES@HOMEAFFAIRS.GOV.AU>; Kane MURRANT
<KANE.MURRANT@HOMEAFFAIRS.GOV.AU>
Subject: FOR INFORMATION: Whole of Government talking points V12 - Cyber Security
[DLM=For-Official-Use-Only]
 

For-Official-Use-Only

Good morning,
 
Please find attached version 12 of the Whole of Government talking points following the Prime
Minister’s statement this week on the recent cyber security incident.
 
Kind regards,
 
George Cross
National Security and Crisis Communication
Portfolio Media and Engagement Branch
Department of Home Affairs  
Ext: 659426 |Media Line: 02 6264 2244
Email: media@homeaffairs.gov.au
 
 
 

For-Official-Use-Only

Important Notice: The content of this email is intended only for use by the individual or entity to
whom it is addressed. If you have received this email by mistake, please advise the sender and
delete the message and attachments immediately.  This email, including attachments, may
contain confidential, sensitive, legally privileged and/or copyright information.  

Any review, retransmission, dissemination or other use of this information by persons or entities
other than the intended recipient is prohibited.  The Department of Home Affairs and ABF
respect your privacy and have obligations under the Privacy Act 1988.  

Unsolicited commercial emails MUST NOT be sent to the originator of this email.
FOIREQ19/00173 093
FOIREQ19/00173 094

For Official Use Only

• Political and government networks are persistent targets of malicious cyber activity.

• The Australian Government takes a proactive and coordinated approach to
protecting Australia’s sovereignty, economy and national security – particularly to
guard Australia’s networks from malicious cyber actors. That is why the
Government has invested in cyber security, including strengthening the Australian
Cyber Security Centre by bringing all of the Australian Government’s cyber security
capability together in one place (July 2018).

• We have also taken a proactive approach to protecting our elections from any
threats of foreign interference, including through the establishment of a multi-
agency electoral integrity assurance task force.

If asked: Who is behind this malicious cyber activity? Is it Iran, as suggested by the
Wall Street Journal?

• Our cyber experts believe that a sophisticated state actor is responsible for this
malicious activity.

• It would be too early to speculate on the specific offender – our immediate focus
has been on securing the networks, protecting victims and conducting
ongoing investigations.

• Proper and accurate attribution of a cyber incident takes time and any attribution
would be done in a measured fashion.

• The public can rest assured that our security and intelligence agencies have
identified the malicious activity and are responding appropriately.

If asked: When did you discover the compromise? How long has the actor been
inside the networks? Are they now out of the network?

• As a matter of long standing practice, we do not comment on intelligence matters or
operational details, particularly when victims are involved. We are being as
transparent as we can be but that doesn’t include providing commentary on ongoing
operational detail.

• Our agencies are continuing to work with the parties to investigate the full extent of
the compromise. The necessary steps are being taken to secure the networks and
protect users.

If asked: How did the actor access the networks - through DPS?

• I can confirm the incidents are related but will not go into operational details.

FOIREQ19/00173 095

If asked: Is it a sophisticated attack?

• The actor was sophisticated enough to gain access to the networks but not
sophisticated enough to avoid detection.

If asked: Has this undermined upcoming elections?

• Our political system and our democracy remain strong, vibrant and protected.

• Multiple measures have been implemented including the establishment of a
taskforce that is protecting the integrity of our electoral system.

• There is currently no evidence of foreign interference in our electoral system.

• We, of course, would like to prevent as much malicious cyber activity as possible
but the key is to ensure our systems are resilient. We have detected this intrusion
and are dealing with it.

If asked: Is the electoral roll safe?

• We believe the electoral roll is safe, but as noted, investigations are ongoing.
Australians should be reassured that our Agencies discovered the breach of the
parties’ networks and acted decisively.

If asked: How significant was the penetration? Did the actor take anything
from anyone?

• At this stage it would be premature to comment on an ongoing operational matter.
Our intelligence and security agencies are still assessing this incident.

• All cyber intrusions are of course concerning. This incident again shows that
Australia and Australians are targeted by malicious actors. But we have resilient
systems in place to give us the best chance to detect such activity.

• The positive here is that we have appropriate systems in place and our agencies
have detected the activity and are securing the networks. This is about keeping our
public and institutions safe.

If asked: Did the actor get into other government systems?

• ASIO, the Australian Signals Directorate and Australian Cyber Security Centre are
working together around the clock to understand the full extent of this incident.

• It is early in the investigation. The necessary steps are being taken to secure the
networks and protect users.

FOIREQ19/00173 096

If asked: Do you expect sensitive or embarrassing material to be released by the
actor?

• At this stage it would be premature to comment on an ongoing operational matter.

• Our focus is on securing the networks and keeping our public and institutions safe.

• We have resilient systems in place to give us the best chance to detect and
respond to malicious activity.

If asked: Why did the Government decide to announce this incident now?

• The Government has chosen to be transparent about these matters.

• The decision to announce the cyber security incident is consistent with the intent to
take a proactive stance against malicious cyber activity.

If asked: How will the Government respond if material is used to interfere with
elections?

• The Government has been proactive in protecting the integrity of our electoral
system, including establishing a dedicated taskforce.

• The Government has demonstrated that it is transparent about these matters when
they are discovered.

If asked: Is this the same as the DNC hack?

• It would be too early to speculate on the precise nature of how these organisations
have been affected, our immediate focus has been on securing the networks and
protecting victims.

FOIREQ19/00173 097

If asked: Have other entities been affected and can you rule out even more
compromises?

• Our immediate priority has been securing these networks and we are working to
understand the full extent of this incident.

• This is about ensuring we work with the victims so the appropriate action can be
taken and to inform the public of a security matter and to reassure them that action
is being taken.

If asked: You briefed these political parties about the risk in 2017. Why has this
incident occurred?

• We have been on the front foot when it comes to cyber security. Significant policies
and investments have been made to improve Australia’s resilience to cyber threats.

• The methods used by offenders are constantly evolving and Australia is constantly
exposed to cyber threats. And that’s why we must constantly evolve too.

• The parties have strengthened their cyber defences but no network is 100% secure.
Best practice is the ability to detect and remediate quickly, which is happening in
this case. This is a matter of preparing for both prevention and resilience.

If asked: Should the government provide more cyber security protection to political
parties?

• The Government has supported practical cross-agency initiatives to support the
integrity of our democratic institutions, including:

o the provision of $300,000 grants to the four largest parliamentary parties to
improve the security of voter information held by those parties; and

o the establishment of a taskforce that is protecting the integrity of our
electoral system.

• Protecting key public institutions from cyber threats is a key area of effort for the
Australian Cyber Security Centre, as part of the whole of economy focus.

If asked: Is the Government adequately prepared to respond to a serious
cyber incident?

• The Australian Cyber Security Centre (ACSC) has robust processes for responding
to all manner of cyber incidents.

• Noting the evolving threat environment, there are clear areas where we can
do more.

FOIREQ19/00173 098

• The ACSC continues to work closely across governments, industry and
academia to ensure the Government’s cyber efforts keep pace with the fast
changing cyber environment.

If asked: What has the Government done to strengthen cyber security?

• Strengthening our cyber security capabilities has been a high priority for the
Government. Since 2013 we have:

o committed $230 million under the 2016 Cyber Security Strategy, including for
strong cyber defences and cyber security innovation

o this is in addition to the $300–400 million, over the next ten years,
announced in the 2016 Defence White Paper to improve Defence’s
cybersecurity capabilities

o we’ve established the Australian Signals Directorate as a statutory
agency; and

o gathered all of our cyber security capability within the one location in the
Australian Cyber Security Centre (at Brindabella Park, July 2018) to enhance
integration and inter-operability.

If asked: Are Australia and its Five-Eyes partners conducting a global hunt
operation to find the hackers?

• Sharing intelligence as it relates to national security is standard practice in our
long-standing cooperation arrangements with our Five Eyes intelligence partners.

If asked: Should political parties be subject to data protection obligations under the
Privacy Act?

• Since 2000, the Privacy Act has contained an exemption for members of the
Australian Parliament, local government councillors and registered political parties,
and their volunteers and contractors, in relation to specified kinds of political acts
and practices.

• The exemption is designed to encourage freedom of political communication and
support the operation of the electoral and political process.

CLEARANCE

Cleared by: Greg Miller
Title: FAS CSPD, Home Affairs
Time/Date cleared: 1700, 22/02/2019

FOIREQ19/00173 099

From: Angelene Falk
To: Andrew Solomon; Amie Grierson
Cc: Elizabeth Hampton
Subject: Fwd: FOR INFORMATION: Whole of Government talking points V10 - Cyber Security [DLM=For-Official-Use-Only]
Date: Thursday, 21 February 2019 11:35:24 AM
Attachments: 20190221 WoG TPs cyber security incident V10.docx


From: Media Operations <media@homeaffairs.gov.au>
Sent: Thursday, February 21, 2019 1:27 pm
To: Peter Wardle; Chris TEAL; Mark Simkin; Mark Simkin; ECANZ Secretariat; Tom Rogers; Cath
Patterson; Finance Media; Trevor Jones; Ramzi Jabbour (AFP); Julie Igglesden; Karl Hanmore; Neil
Gaughan (AFP); Tobias Feakin (DFAT); Angelene Falk; Cameron ASHE; Cameron Archer (DFAT);
Justin Bassi; Sandra Bradley; ian.nicholas@finance.gov.au; stein.helgeby@finance.gov.au;
jeff.pope@protected.aec.gov.au; timmc@agd.gov.au; vicki.middleton@communications.gov.au;
kathryn.mcmullan@ona.gov.au; peter.rush@pmc.gov.au; lucinda.atkinson@ag.gov.au;
jenny.allen@pmc.gov.au; MACGIBBON Alastair; kelly.manaog@finance.gov.au;
louise.bechtel@defence.gov.au; Charles Burnard (DFAT)
Cc: Media Operations; ACIC media; AFP National Media [AFP]; AGD Media; Ahmad SHAH; Alastair
MACGIBBON; ASD Assist; ASD Stratcomms; ASIO Media; Christopher ROBERTSON; Defence Media;
Media (DFAT); Greg MILLER; John HULIN; Kendra MORONY; PM&C Media; Tracy HEFFERNAN;
media@humanservices.gov.au; media@industry.gov.au; communication@aph.gov.au; Katrina
PULLEN; Alex ZOTTI; Rachel DAVIES; Kane MURRANT
Subject: FOR INFORMATION: Whole of Government talking points V10 - Cyber Security [DLM=For-Official-Use-Only]
 

For-Official-Use-Only

Good morning,
 
Please find attached version 10 of the Whole of Government talking points following the Prime
Minister’s statement this week on the recent cyber security incident.
 
Kind regards,
 
George Cross
National Security and Crisis Communication
Portfolio Media and Engagement Branch
Department of Home Affairs  
Ext: 659426 |Media Line: 02 6264 2244
Email: media@homeaffairs.gov.au
FOIREQ19/00173 100

For-Official-Use-Only

FOIREQ19/00173 101
FOIREQ19/00173 102

For Official Use Only

• Political and government networks are persistent targets of malicious cyber activity.

• The Australian Government takes a proactive and coordinated approach to
protecting Australia’s sovereignty, economy and national security – particularly to
guard Australia’s networks from malicious cyber actors. That is why the
Government has invested in cyber security, including strengthening the Australian
Cyber Security Centre by bringing all of the Australian Government’s cyber security
capability together in one place (July 2018).

• We have also taken a proactive approach to protecting our elections from any
threats of foreign interference, including through the establishment of a multi-
agency electoral integrity assurance task force.

If asked: Who is behind this malicious cyber activity?

• Our cyber experts believe that a sophisticated state actor is responsible for this
malicious activity.

• It would be too early to speculate on the specific offender – our immediate focus
has been on securing the networks, protecting victims and conducting
ongoing investigations.

• Proper and accurate attribution of a cyber incident takes time and any attribution
would be done in a measured fashion.

• The public can rest assured that our security and intelligence agencies have
identified the malicious activity and are responding appropriately.

If asked: When did you discover the compromise? How long has the actor been
inside the networks? Are they now out of the network?

• As a matter of long standing practice, we do not comment on intelligence matters or
operational details, particularly when victims are involved. We are being as
transparent as we can be but that doesn’t include providing commentary on ongoing
operational detail.

• Our agencies are continuing to work with the parties to investigate the full extent of
the compromise. The necessary steps are being taken to secure the networks and
protect users.

If asked: How did the actor access the networks - through DPS?

• I can confirm the incidents are related but will not go into operational details.

FOIREQ19/00173 103

If asked: Is it a sophisticated attack?

• The actor was sophisticated enough to gain access to the networks but not
sophisticated enough to avoid detection.

If asked: Has this undermined upcoming elections?

• Our political system and our democracy remain strong, vibrant and protected.

• Multiple measures have been implemented including the establishment of a
taskforce that is protecting the integrity of our electoral system.

• There is currently no evidence of foreign interference in our electoral system.

• We, of course, would like to prevent as much malicious cyber activity as possible
but the key is to ensure our systems are resilient. We have detected this intrusion
and are dealing with it.

If asked: Is the electoral roll safe?

• We believe the electoral roll is safe, but as noted, investigations are ongoing.
Australians should be reassured that our Agencies discovered the breach of the
parties’ networks and acted decisively.

If asked: How significant was the penetration? Did the actor take anything
from anyone?

• At this stage there is no evidence of anything being stolen.

• All cyber intrusions are of course concerning. This incident again shows that
Australia and Australians are targeted by malicious actors. But we have resilient
systems in place to give us the best chance to detect such activity.

• The positive here is that we have appropriate systems in place and our agencies
have detected the activity and are securing the networks. This is about keeping our
public and institutions safe.

If asked: Did the actor get into other government systems?

• ASIO, the Australian Signals Directorate and Australian Cyber Security Centre are
working together around the clock to understand the full extent of this incident.

• It is early in the investigation. The necessary steps are being taken to secure the
networks and protect users.

FOIREQ19/00173 104

If asked: Do you expect sensitive or embarrassing material to be released by the
actor?

• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.

If asked: Why did the Government decide to announce this incident now?

• The Government has chosen to be transparent about these matters.

• The decision to announce the cyber security incident is consistent with the intent to
take a proactive stance against malicious cyber activity.

• There is no evidence of foreign interference in our electoral system or evidence of
anything being stolen.

If asked: How will the Government respond if material is used to interfere with
elections?

• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.

• Multiple measures have been implemented including the establishment of a
taskforce that is protecting the integrity of our electoral system.

If asked: Is this the same as the DNC hack?

• It would be too early to speculate on the precise nature of how these organisations
have been affected, our immediate focus has been on securing the networks and
protecting victims.

If asked: Have other entities been affected and can you rule out even more
compromises?

• Our immediate priority has been securing these networks and we are working to
understand the full extent of this incident.

• This is about ensuring we work with the victims so the appropriate action can be
taken and to inform the public of a security matter and to reassure them that action
is being taken.

If asked: You briefed these political parties about the risk in 2017. Why has this
incident occurred?

FOIREQ19/00173 105

• We have been on the front foot when it comes to cyber security. Significant policies
and investments have been made to improve Australia’s resilience to cyber threats.

• The methods used by offenders are constantly evolving and Australia is constantly
exposed to cyber threats. And that’s why we must constantly evolve too.

• The parties have strengthened their cyber defences but no network is 100% secure.
Best practice is the ability to detect and remediate quickly, which is happening in
this case. This is a matter of preparing for both prevention and resilience.

If asked: Should the government provide more cyber security protection to political
parties?

• The Government has supported practical cross-agency initiatives to support the
integrity of our democratic institutions, including:

o the provision of $300,000 grants to the four largest parliamentary parties to
improve the security of voter information held by those parties; and

o the establishment of a taskforce that is protecting the integrity of our
electoral system.

• Protecting key public institutions from cyber threats is a key area of effort for the
Australian Cyber Security Centre, as part of the whole of economy focus.

If asked: Is the Government adequately prepared to respond to a serious
cyber incident?

• The Australian Cyber Security Centre (ACSC) has robust processes for responding
to all manner of cyber incidents.

• Noting the evolving threat environment, there are clear areas where we can
do more.

• The ACSC continues to work closely across governments, industry and
academia to ensure the Government’s cyber efforts keep pace with the fast
changing cyber environment.

If asked: What has the Government done to strengthen cyber security?

• Strengthening our cyber security capabilities has been a high priority for the
Government. Since 2013 we have:

o committed $230 million under the 2016 Cyber Security Strategy, including for
strong cyber defences and cyber security innovation

o this is in addition to the $300–400 million, over the next ten years,
announced in the 2016 Defence White Paper to improve Defence’s
cybersecurity capabilities

FOIREQ19/00173 106

o we’ve established the Australian Signals Directorate as a statutory
agency; and

o gathered all of our cyber security capability within the one location in the
Australian Cyber Security Centre (at Brindabella Park, July 2018) to enhance
integration and inter-operability.

If asked: Are Australia and its Five-Eyes partners conducting a global hunt
operation to find the hackers?

• Sharing intelligence as it relates to national security is standard practice in our
long-standing cooperation arrangements with our Five Eyes intelligence partners.

If asked: Should political parties be subject to data protection obligations under the
Privacy Act?

• Since 2000, the Privacy Act has contained an exemption for members of the
Australian Parliament, local government councillors and registered political parties,
and their volunteers and contractors, in relation to specified kinds of political acts
and practices.

• The exemption is designed to encourage freedom of political communication and
support the operation of the electoral and political process.

CLEARANCE

Cleared by: Kendra Morony
Title: AS CSPD, Home Affairs
Time/Date cleared: 0900, 21/02/2019

For Official Use Only


FOIREQ19/00173 107

From: Angelene Falk
To: Andrew Solomon; Amie Grierson
Cc: Elizabeth Hampton
Subject: Fwd: FOR INFORMATION: Whole of Government talking points V9 - Cyber Security [DLM=For-Official-Use-Only]
Date: Wednesday, 20 February 2019 1:18:48 PM
Attachments: 20190220 WoG TPs cyber security incident V9.docx

From: Media Operations <media@homeaffairs.gov.au>
Sent: Wednesday, February 20, 2019 12:47 pm
To: Peter Wardle; Chris TEAL; Mark Simkin; Mark Simkin; ECANZ Secretariat; Tom Rogers; Cath
Patterson; Finance Media; Trevor Jones; Ramzi Jabbour (AFP); Julie Igglesden; Karl Hanmore; Neil
Gaughan (AFP); Tobias Feakin (DFAT); Angelene Falk; Cameron ASHE; Cameron Archer (DFAT);
Justin Bassi; Sandra Bradley; ian.nicholas@finance.gov.au; stein.helgeby@finance.gov.au;
jeff.pope@protected.aec.gov.au; timmc@agd.gov.au; vicki.middleton@communications.gov.au;
kathryn.mcmullan@ona.gov.au; peter.rush@pmc.gov.au; lucinda.atkinson@ag.gov.au;
jenny.allen@pmc.gov.au; MACGIBBON Alastair; kelly.manaog@finance.gov.au;
louise.bechtel@defence.gov.au
Cc: Media Operations; ACIC media; AFP National Media [AFP]; AGD Media; Ahmad SHAH; Alastair
MACGIBBON; ASD Assist; ASD Stratcomms; ASIO Media; Christopher ROBERTSON; Defence Media;
Media (DFAT); Greg MILLER; John HULIN; Kendra MORONY; PM&C Media; Tracy HEFFERNAN;
media@humanservices.gov.au; media@industry.gov.au; communication@aph.gov.au; Katrina
PULLEN; Alex ZOTTI; Rachel DAVIES; Kane MURRANT
Subject: FOR INFORMATION: Whole of Government talking points V9 - Cyber Security [DLM=For-Official-Use-Only]
 

For-Official-Use-Only

Good morning,
 
Please find attached version 9 of the Whole of Government talking points following the Prime
Minister’s statement this week on the recent cyber security incident. Updates have been
highlighted.
 
Kind regards,
 
George Cross
National Security and Crisis Communication
Portfolio Media and Engagement Branch
Department of Home Affairs  
Ext: 659426 | Media Line: 02 6264 2244
Email: media@homeaffairs.gov.au
 

For-Official-Use-Only

Important Notice: The content of this email is intended only for use by the individual or entity
to whom it is addressed. If you have received this email by mistake, please advise the sender
and delete the message and attachments immediately.  This email, including attachments, may
contain confidential, sensitive, legally privileged and/or copyright information.  

Any review, retransmission, dissemination or other use of this information by persons or
entities other than the intended recipient is prohibited. The Department of Home Affairs and
ABF respect your privacy and have obligations under the Privacy Act 1988.  

Unsolicited commercial emails MUST NOT be sent to the originator of this email.
FOIREQ19/00173 109
FOIREQ19/00173 110

For Official Use Only

• Political and government networks are persistent targets of malicious cyber activity.

• The Australian Government takes a proactive and coordinated approach to
protecting Australia’s sovereignty, economy and national security – particularly to
guard Australia’s networks from malicious cyber actors. That is why the
Government has invested in cyber security, including strengthening the Australian
Cyber Security Centre by bringing all of the Australian Government’s cyber security
capability together in one place (July 2018).

• We have also taken a proactive approach to protecting our elections from any
threats of foreign interference, including through the establishment of a multi-
agency electoral integrity assurance task force.

If asked: Who is behind this malicious cyber activity?

• Our cyber experts believe that a sophisticated state actor is responsible for this
malicious activity.

• It would be too early to speculate on the specific offender – our immediate focus
has been on securing the networks, protecting victims and conducting ongoing
investigations.

• Proper and accurate attribution of a cyber incident takes time and any attribution
would be done in a measured fashion.

• The public can rest assured that our security and intelligence agencies have
identified the malicious activity and are responding appropriately.

If asked: When did you discover the compromise? How long has the actor been
inside the networks? Are they now out of the network?

• As a matter of long standing practice, we do not comment on intelligence matters or
operational details, particularly when victims are involved. We are being as
transparent as we can be but that doesn’t include providing commentary on ongoing
operational detail.

• Our agencies are continuing to work with the parties to investigate the full extent of
the compromise. The necessary steps are being taken to secure the networks and
protect users.

If asked: How did the actor access the networks - through DPS?

• I can confirm the incidents are related but will not go into operational details.

If asked: Is it a sophisticated attack?

• The actor was sophisticated enough to gain access to the networks but not
sophisticated enough to avoid detection.

If asked: Has this undermined upcoming elections?

• Our political system and our democracy remain strong, vibrant and protected.

• Multiple measures have been implemented including the establishment of a
taskforce that is protecting the integrity of our electoral system.

• There is currently no evidence of foreign interference in our electoral system.

• We, of course, would like to prevent as much malicious cyber activity as possible
but the key is to ensure our systems are resilient. We have detected this intrusion
and are dealing with it.

If asked: Is the electoral roll safe?

• We believe the electoral roll is safe, but as noted, investigations are ongoing.
Australians should be reassured that our Agencies discovered the breach of the
parties’ networks and acted decisively.

If asked: How significant was the penetration? Did the actor take anything from
anyone?

• At this stage there is no evidence of anything being stolen.

• All cyber intrusions are of course concerning. This incident again shows that
Australia and Australians are targeted by malicious actors. But we have resilient
systems in place to give us the best chance to detect such activity.

• The positive here is that we have appropriate systems in place and our agencies
have detected the activity and are securing the networks. This is about keeping our
public and institutions safe.

If asked: Did the actor get into other government systems?

• ASIO, the Australian Signals Directorate and Australian Cyber Security Centre are
working together around the clock to understand the full extent of this incident.

• It is early in the investigation. The necessary steps are being taken to secure the
networks and protect users.

If asked: Do you expect sensitive or embarrassing material to be released by the
actor?

• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.

If asked: Why did the Government decide to announce this incident now?

• The Government has chosen to be transparent about these matters.

• The decision to announce the cyber security incident is consistent with the intent to
take a proactive stance against malicious cyber activity.

• There is no evidence of foreign interference in our electoral system or evidence of
anything being stolen.

If asked: How will the Government respond if material is used to interfere with
elections?

• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.

• Multiple measures have been implemented including the establishment of a
taskforce that is protecting the integrity of our electoral system.

If asked: Is this the same as the DNC hack?

• It would be too early to speculate on the precise nature of how these organisations
have been affected, our immediate focus has been on securing the networks and
protecting victims.

If asked: Have other entities been affected and can you rule out even more
compromises?

• Our immediate priority has been securing these networks and we are working to
understand the full extent of this incident.

• This is about ensuring we work with the victims so the appropriate action can be
taken and to inform the public of a security matter and to reassure them that action
is being taken.

If asked: You briefed these political parties about the risk in 2017. Why has this
incident occurred?

• We have been on the front foot when it comes to cyber security. Significant policies
and investments have been made to improve Australia’s resilience to cyber threats.

• The methods used by offenders are constantly evolving and Australia is constantly
exposed to cyber threats. And that’s why we must constantly evolve too.

• The parties have strengthened their cyber defences but no network is 100% secure.
Best practice is the ability to detect and remediate quickly, which is happening in
this case. This is a matter of preparing for both prevention and resilience.

If asked: Should the government provide more cyber security protection to political
parties?

• The Government has supported practical cross-agency initiatives to support the
integrity of our democratic institutions, including:

o the provision of $300,000 grants to the four largest parliamentary parties to
improve the security of voter information held by those parties; and

o the establishment of a taskforce that is protecting the integrity of our electoral
system.

• Protecting key public institutions from cyber threats is a key area of effort for the
Australian Cyber Security Centre, as part of the whole of economy focus.

If asked: Is the Government adequately prepared to respond to a serious cyber
incident?

• The Australian Cyber Security Centre (ACSC) has robust processes for responding
to all manner of cyber incidents.

• Noting the evolving threat environment, there are clear areas where we can do
more.

• The ACSC continues to work closely across governments, industry and
academia to ensure the Government’s cyber efforts keep pace with the fast
changing cyber environment.

If asked: Are Australia and its Five-Eyes partners conducting a global hunt
operation to find the hackers?

• Sharing intelligence as it relates to national security is standard practice in our
long-standing cooperation arrangements with our Five Eyes intelligence partners.

If asked: Should political parties be subject to data protection obligations under the
Privacy Act?

• Since 2000, the Privacy Act has contained an exemption for members of the
Australian Parliament, local government councillors and registered political parties,
and their volunteers and contractors, in relation to specified kinds of political acts
and practices.

• The exemption is designed to encourage freedom of political communication and
support the operation of the electoral and political process.

CLEARANCE

Cleared by: Kendra Morony
Title: AS CSPD, Home Affairs
Time/Date cleared: 20 February 2019

For Official Use Only


FOIREQ19/00173 115

From: Angelene Falk
To: Andrew Solomon; Amie Grierson
Subject: Fwd: FOR INFORMATION: Whole of Government talking points V8 - Cyber Security Incident [DLM=For-Official-Use-Only]
Date: Tuesday, 19 February 2019 2:00:05 PM
Attachments: 20190219 WoG TPs cyber security incident (V8).docx

From: Media Operations <media@homeaffairs.gov.au>
Sent: Tuesday, February 19, 2019 1:03 pm
To: Peter Wardle; Chris TEAL; Mark Simkin; Mark Simkin; ECANZ Secretariat; Tom Rogers; Cath
Patterson; Finance Media; Trevor Jones; Ramzi Jabbour (AFP); Julie Igglesden; Karl Hanmore; Neil
Gaughan (AFP); Tobias Feakin (DFAT); Angelene Falk; Cameron ASHE; Cameron Archer (DFAT);
Justin Bassi; Sandra Bradley; ian.nicholas@finance.gov.au; stein.helgeby@finance.gov.au;
jeff.pope@protected.aec.gov.au; timmc@agd.gov.au; vicki.middleton@communications.gov.au;
kathryn.mcmullan@ona.gov.au; peter.rush@pmc.gov.au; lucinda.atkinson@ag.gov.au;
jenny.allen@pmc.gov.au; MACGIBBON Alastair; kelly.manaog@finance.gov.au
Cc: Media Operations; ACIC media; AFP National Media [AFP]; AGD Media; Ahmad SHAH; Alastair
MACGIBBON; ASD Assist; ASD Stratcomms; ASIO Media; Christopher ROBERTSON; Defence Media;
Media (DFAT); Greg MILLER; John HULIN; Kendra MORONY; PM&C Media; Tracy HEFFERNAN;
media@humanservices.gov.au; media@industry.gov.au; communication@aph.gov.au; Katrina
PULLEN; Alex ZOTTI; Rachel DAVIES; Kane MURRANT
Subject: FOR INFORMATION: Whole of Government talking points V8 - Cyber Security Incident
[DLM=For-Official-Use-Only]
 

For-Official-Use-Only

Good afternoon,
 
Please find attached version 8 of the Whole of Government talking points following the Prime
Minister’s statement yesterday on the recent cyber security incident with an amendment to the
classification.
 
Kind regards,
 
George Cross
National Security and Crisis Communication
Portfolio Media and Engagement Branch
Department of Home Affairs  
Ext: 659426 |Media Line: 02 6264 2244
Email: media@homeaffairs.gov.au

For-Official-Use-Only

FOIREQ19/00173 117
FOIREQ19/00173 118

For Official Use Only

• Political and government networks are persistent targets of malicious cyber activity.

• The Australian Government takes a proactive and coordinated approach to
protecting Australia’s sovereignty, economy and national security – particularly to
guard Australia’s networks from malicious cyber actors. That is why the
Government has invested in cyber security, including strengthening the Australian
Cyber Security Centre by bringing all of the Australian Government’s cyber security
capability together in one place (July 2018).

• We have also taken a proactive approach to protecting our elections from any
threats of foreign interference, including through the establishment of a multi-
agency electoral integrity assurance task force.

If asked: Who is behind this malicious cyber activity?

• Our cyber experts believe that a sophisticated state actor is responsible for this
malicious activity.

• It would be too early to speculate on the specific offender – our immediate focus
has been on securing the networks, protecting victims and conducting ongoing
investigations.

• Proper and accurate attribution of a cyber incident takes time and any attribution
would be done in a measured fashion.

• The public can rest assured that our security and intelligence agencies have
identified the malicious activity and are responding appropriately.

If asked: When did you discover the compromise? How long has the actor been
inside the networks? Are they now out of the network?

• As a matter of long standing practice, we do not comment on intelligence matters or
operational details, particularly when victims are involved. We are being as
transparent as we can be but that doesn’t include providing commentary on ongoing
operational detail.

• Our agencies are continuing to work with the parties to investigate the full extent of
the compromise. The necessary steps are being taken to secure the networks and
protect users.

If asked: How did the actor access the networks - through DPS?

• I can confirm the incidents are related but will not go into operational details.

If asked: Is it a sophisticated attack?

• The actor was sophisticated enough to gain access to the networks but not
sophisticated enough to avoid detection.

If asked: Has this undermined upcoming elections?

• Our political system and our democracy remain strong, vibrant and protected.

• Multiple measures have been implemented including the establishment of a
taskforce that is protecting the integrity of our electoral system.

• There is currently no evidence of foreign interference in our electoral system.

• We, of course, would like to prevent as much malicious cyber activity as possible
but the key is to ensure our systems are resilient. We have detected this intrusion
and are dealing with it.

If asked: Is the electoral roll safe?

• We believe the electoral roll is safe, but as noted, investigations are ongoing.
Australians should be reassured that our Agencies discovered the breach of the
parties’ networks and acted decisively.

If asked: How significant was the penetration? Did the actor take anything from
anyone?

• At this stage there is no evidence of anything being stolen.

• All cyber intrusions are of course concerning. This incident again shows that
Australia and Australians are targeted by malicious actors. But we have resilient
systems in place to give us the best chance to detect such activity.

• The positive here is that we have appropriate systems in place and our agencies
have detected the activity and are securing the networks. This is about keeping our
public and institutions safe.

If asked: Did the actor get into other government systems?

• ASIO, the Australian Signals Directorate and Australian Cyber Security Centre are
working together around the clock to understand the full extent of this incident.

• It is early in the investigation. The necessary steps are being taken to secure the
networks and protect users.

If asked: Do you expect sensitive or embarrassing material to be released by the
actor?

• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.

If asked: How will the Government respond if material is used to interfere with
elections?

• At this stage there is no evidence of anything being stolen, and our focus is on
securing the networks.

• Multiple measures have been implemented including the establishment of a
taskforce that is protecting the integrity of our electoral system.

If asked: Is this the same as the DNC hack?

• It would be too early to speculate on the precise nature of how these organisations
have been affected, our immediate focus has been on securing the networks and
protecting victims.

If asked: Have other entities been affected and can you rule out even more
compromises?

• Our immediate priority has been securing these networks and we are working to
understand the full extent of this incident.

• This is about ensuring we work with the victims so the appropriate action can be
taken and to inform the public of a security matter and to reassure them that action
is being taken.

If asked: You briefed these political parties about the risk in 2017. Why has this
incident occurred?

• We have been on the front foot when it comes to cyber security. Significant policies
and investments have been made to improve Australia’s resilience to cyber threats.

• The methods used by offenders are constantly evolving and Australia is constantly
exposed to cyber threats. And that’s why we must constantly evolve too.

• The parties have strengthened their cyber defences but no network is 100% secure.
Best practice is the ability to detect and remediate quickly, which is happening in
this case. This is a matter of preparing for both prevention and resilience.

If asked: Should the government provide more cyber security protection to political
parties?

• The Government has supported practical cross-agency initiatives to support the
integrity of our democratic institutions, including:

o the provision of $300,000 grants to the four largest parliamentary parties to
improve the security of voter information held by those parties; and

o the establishment of a taskforce that is protecting the integrity of our electoral
system.

• Protecting key public institutions from cyber threats is a key area of effort for the
Australian Cyber Security Centre, as part of the whole of economy focus.

If asked: Is the Government adequately prepared to respond to a serious cyber
incident?

• The Australian Cyber Security Centre (ACSC) has robust processes for responding
to all manner of cyber incidents.

• Noting the evolving threat environment, there are clear areas where we can do
more.

• The ACSC continues to work closely across governments, industry and
academia to ensure the Government’s cyber efforts keep pace with the fast
changing cyber environment.

CLEARANCE

Cleared by: Kendra Morony
Title: AS CSPD, Home Affairs
Time/Date cleared: 0905 19 February 2019

For Official Use Only


FOIREQ19/00173 122

From: Amanda Baird
To: Amie Grierson
Subject: RE: [SEC=UNCLASSIFIED]
Date: Wednesday, 10 April 2019 8:54:00 AM

Thanks Amie, I saw this. No one had carriage of this matter – s 42

 
 
From: Amie Grierson <amie.grierson@oaic.gov.au>
Sent: Wednesday, 10 April 2019 8:35 AM
To: Amanda Baird <amanda.baird@oaic.gov.au>
Subject: [SEC=UNCLASSIFIED]
 
Hi Amanda,
 
Who had the DPS stuff. Press clip today.
https://www.itnews.com.au/news/asd-confirms-data-stolen-in-parliament-it-breach-523595?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+
 
Thanks,
 
Amie
FOIREQ19/00173 123

Notifiable Data Breach Form

About this form


Notifiable Data Breach statement

This form is used to inform the Australian Information Commissioner of an
‘eligible data breach’ where required by the Privacy Act 1988.

Part one is the 'statement' about a data breach required by section 26WK of the Privacy Act. If you are required to
notify individuals of the breach, in your notification to those individuals you must provide them with the information
you have entered into part one of the form.

The OAIC encourages entities to voluntarily provide additional information about the eligible data breach in part two of
this form. Part two of the form is optional, but the OAIC may need to contact you to seek further information if you do
not complete this part of the form.

Before completing this form, we recommend that you read our resource What to include in an eligible data breach
statement.

If you are unsure whether your entity has experienced an eligible data breach, you may wish to review the Identifying
eligible data breaches resource.

The OAIC will send an acknowledgement of your statement about an eligible data breach on receipt with a reference
number.

You can save this form at any point and return to complete it within 3 days. To save your form, click on the Save For
Later button on the top right-hand corner of this form. If you do not submit your saved form within 3 days, your saved
information will be permanently erased.

Refreshing your browser will clear any information that you have not saved. If you need to refresh your browser while
completing this form and wish to keep your changes, please save the form first.

Your personal information


We will handle personal information collected in this form (usually only your name and contact details) in accordance
with the Australian Privacy Principles.

We collect this information to consider and respond to your breach notification. We may use it to contact you.

More information about how the OAIC handles personal information is available in our privacy policy.

Part one - Statement about an eligible data breach


FOIREQ19/00173 124
FOIREQ19/00173 125
FOIREQ19/00173 126
FOIREQ19/00173 127
FOIREQ19/00173 128
FOIREQ19/00173 129
FOIREQ19/00173 130

From: Timothy Pilgrim
To: Andrew Solomon; Annan Boag
Cc: Angelene Falk
Subject: FW: Letter from Rob Stefanic (Secretary, Department of Parliamentary Services) [DLM=Sensitive]
Date: Wednesday, 5 April 2017 10:31:12 AM
Attachments: image001.png
Letter to Mr Pilgrim (OAIC) - 5 April 2017.pdf
image002.jpg

Hello
 
Please see attached letter.  I discussed this issue with an Officer from the Department of Parliamentary Services last night.
 
To consider and discuss response.
 
Timothy
 
Timothy Pilgrim
Australian Information Commissioner
Australian Privacy Commissioner
Office of the Australian Information Commissioner
Level 3, 175 Pitt Street Sydney NSW 2001
GPO Box 5218 SYDNEY NSW 2001 | www.oaic.gov.au
Phone +61 2 9284 9601 | Fax +61 2 9284 9723
timothy.pilgrim@oaic.gov.au
 
 
 
 
From: Office Of The Secretary (DPS) [mailto:OfficeOfTheSecretary@aph.gov.au]
Sent: Wednesday, 5 April 2017 10:27 AM
To: Timothy Pilgrim <timothy.pilgrim@oaic.gov.au>
Subject: Letter from Rob Stefanic (Secretary, Department of Parliamentary Services)
 
Dear Mr Pilgrim
 
Please find attached a letter from Mr Stefanic regarding a recent incident impacting mobile numbers of a number of
parliamentarians, their staff and former prime ministers.
 
A hard copy of the letter will follow in the mail.
 
Kind regards
Jayne
 
Jayne Harrison
Executive Assistant to the Secretary, Mr Rob Stefanic
T: 02 6277 5027 | E: Jayne.harrison@aph.gov.au
Parliament House | PO Box 6000 | Canberra ACT 2600

 
FOIREQ19/00173 131
FOIREQ19/00173 132
FOIREQ19/00173 133
DBN17/00039 Baird, Amanda
08-Aug-2019 4:45 PM

Title
APH - Department of Parliamentary Services
Receipt Details
File Type: Privacy
Received Date: 05-Apr-2017 12:00 AM
Sub Type: Voluntary
Received By: Elphick, Amie
How Received:
Registered Date: 13-Apr-2017 11:43 AM
Owned By: Baird, Amanda
Registered By: Baird, Amanda
Closed Date: 27-Apr-2017 9:38 AM
Closed By: Baird, Amanda
Case Details
Stage: Closed
File Security: UNCLASSIFIED
Primary Client Group: Agency
Parent Case Entity Code: Data Breach Notification
Case PrimaryPerson: APH - Department of Parliamentary Services
DBN Date aware of incident: 20-Mar-2017
Case Outcome: no view required
Risk Rating: Low
Risk Rating Q2_A: Many (approx. 2-100)
MOU Flag: N/A
Date of Breach: 22-Dec-2016
Affected People Notified: Yes
Source of Breach (voluntary): Human error
Retention Class: OAIC RA 61986 (D2)
Child matter: No
Case Parties - 2
Notified By Client: APH - Department of Parliamentary Services
Notified By Contact: Stefanic, Rob
Summary
R notified of a data breach involving current and former Parliamentarian mobile phone numbers being published in expense reports on the Australian Parliament House
website. R advised this was due to a change in protocol of its telecommunications contractor. R advised affected individuals notified and assistance offered, reports
removed from website and that Google has deleted cached records. R is in ongoing review with contractor to prevent reoccurrence.

Thanked R for the information and asked for copy of review report once completed. NFA required.
Issues - 2
Issue Description: APP> APP 6 - Use or Disclosure CP
Is Primary Issue: Yes
Issue Type: Primary
-------------------------------------------------
Issue Description: APP> APP 11 - Security of Personal Information CP
Is Primary Issue: No
Issue Type: Primary
-------------------------------------------------
Actions - 10 (All Completed)
Action Owner Due Completed
Register Case Elphick, Amie 14-Apr-2017 13-Apr-2017
Move to DBN Allocation basket Elphick, Amie 14-Apr-2017 13-Apr-2017
Prepare and Send Acknowledgment Letter (DBN) Admin Officer 17-Apr-2017 13-Apr-2017, Elphick, Amie
Allocate DBN (Assessment) Allocation - DBN 14-Apr-2017 19-Apr-2017, Tilbrook, Luke
Assess Data Breach Notification Tilbrook, Luke 20-Apr-2017 19-Apr-2017: Proceed with DBN
R has notified that mobile phone numbers of current and former parliamentarians, staff, and prime ministers, were published by a contractor on the APH website on 22
December 2016. R became aware the information had been published on 20 March 2017 by a journalist. R immediately removed the information from the website,
contacting search engines to remove any cached versions. R also contacted the affected individuals, providing advice on changing numbers and dealing with unwanted
calls. R is working with the contractor to prevent disclosure from reoccurring, and to determine how the situation occurred.
Please contact R to request any further info of how the situation occurred and of any further action R is taking with contractor to minimise reoccurrence.
Allocate Case (DBN) Tilbrook, Luke 20-Apr-2017 19-Apr-2017
Prepare Acknowledgment (DBN) Baird, Amanda 20-Apr-2017 24-Apr-2017
Await Manager Approval of Ack Letter (DBN) Solomon, Andrew 26-Apr-2017 26-Apr-2017: Approved
FOIREQ19/00173 134
FOIREQ19/00173 135
DBN19/00701 Baird, Amanda
08-Aug-2019 4:46 PM

Title
APH - Department of Parliamentary Services
Receipt Details
File Type: Privacy
Received Date: 29-Jul-2019 2:50 PM
Sub Type: NDB
Received By: Web Queue
How Received:
Registered Date: 29-Jul-2019 4:20 PM
Owned By: Allocation - DBN
Registered By: Allocation - DBN
Case Details
How Received: Website
File Security: UNCLASSIFIED
Primary Client Group: Agency
Parent Case Entity Code: Data Breach Notification
Case PrimaryPerson: APH - Department of Parliamentary Services
SmartForm Number: 20755831
Is Web Case: Yes
SmartForm XML: ...
Web Case Data:
DBN Date aware of incident: 24-Jul-2019
Confidential Informant: No
Date of Breach: 22-Jul-2019
Source of Breach (voluntary): Malicious or criminal attack
DBN NDB Global number of people affected: 1
DBN NDB Kind(s) of personal information involved: Financial details
DBN NDB Exact global number of people affected: 1
DBN NDB Description of action taken to assist: Contacted individual to advise of need to change passwords to any other sites where that password...
DBN NDB Description of action taken to prevent: Website blocks placed on domains associated with breach.
DBN NDB Description of eligible data breach: Disclosure of individuals personal information to a scammer as a result of a phishing campaign
DBN NDB Description of how the data breach occurred: Individual received email purporting to be from financial institution advising accounts had been ...
DBN NDB How do you intend to notify individuals: Individual already notified by phone
DBN NDB Recommended Steps: Contact the financial institution to place holds on accounts, reissue cards and reset credentials...
DBN NDB Kinds of personal information involved text: Netbanking logon details
DBN NDB Other entities affected YN: Yes
Case Parties - 3
Notified By Client: APH - Department of Parliamentary Services
Notified By Contact: Walker, John
Relevant Person: CBA - Commonwealth Bank of Australia Limited
Summary
Confirm details of notification
Actions - 4 (1 Open, 3 Completed)
Action Owner Due Completed
Register Case (NDB) Web Queue 30-Jul-2019 30-Jul-2019, Gouvatsos, Joseph
Send acknowledgement (NDB) Web Queue 31-Jul-2019 30-Jul-2019, Gouvatsos, Joseph
Move to DBN allocation (NDB) Web Queue 31-Jul-2019 30-Jul-2019, Gouvatsos, Joseph
Allocate assessment (NDB) Allocation - DBN 31-Jul-2019
Documents - 4
Title Date Added By
form-data.xml 29-Jul-2019 4:20 PM Gouvatsos, Joseph
form-receipt.pdf 29-Jul-2019 4:20 PM Gouvatsos, Joseph
NDB Acknowledgement Letter 30-Jul-2019 8:41 AM Gouvatsos, Joseph
DBN19 00701 2019-07 NDB Acknowledgement Letter [SEC=OFFICIAL] 30-Jul-2019 8:42 AM Gouvatsos, Joseph

Commissioner brief: DPS cyber incident

Key messages
• The OAIC understands that the Department of Parliamentary Services (DPS) has experienced a
cyber incident involving the parliamentary computing network, and is receiving assistance from
the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC).
• The OAIC has not received a data breach notification from DPS. The DPS is exempt from the
operation of the Privacy Act and therefore from the Notifiable Data Breaches (NDB) scheme.
• However, this incident is a timely reminder for Australian Government agencies and organisations
to ensure they have robust information security measures in place to protect their personal
information holdings from data breaches and in particular, cyber security incidents.
• One of the key trends in notifications under the NDB scheme has been the increase in malicious or
criminal attacks involving personal information. As our latest quarterly statistical report sets out,
malicious or criminal attacks account for the majority of data breaches notified to the OAIC. Of
these kinds of attacks, most are the result of a cyber security incident.
Critical facts
• On 8 February 2019, media reports indicated that the Parliament computer network, maintained
by DPS, was subject to a cyber incident. 1
• The OAIC understands that the network is used by parliamentarians and their staff at both
Parliament House, electoral offices, interstate Commonwealth parliamentary offices as well as
DPS itself.
• DPS has publicly stated that it has reset the passwords for all participants in the network, and is
further investigating the data breach ‘in conjunction with the relevant security agencies’.
s 42

1 https://www.itnews.com.au/news/security-breach-strikes-parliaments-it-network-519035
s 42

• On 7 March 2019, DPS made a submission to the Joint Committee of Public Accounts and Audit
regarding its Cyber Resilience inquiry. 2 DPS’s submission confirmed that, in relation to the ACSC’s
Essential Eight strategies to mitigate cyber security incidents:
o it has implemented the Top Four strategies, with a priority program in place to obtain
maturity level 3 within the next 12 months
o of the remaining four strategies, ‘one has been fully implemented, one has been
implemented to level of approximately 70% and one is currently in pilot’
o the remaining Essential Eight strategy has not been implemented ‘due to the impact this
would have on the flexibility of systems and software used by parliamentarians’. DPS
advised this was being risk managed.

Document history
Updated by: Amanda Baird
Reason: April 2019 Senate Estimates
Approved by: n/a
Date: 18/3/2019

2 https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public_Accounts_and_Audit/CyberResilience/Submissions