NSW data breach sees more than 500,000 QR code check-in addresses published
The NSW opposition is calling for the privacy commissioner to conduct a fresh inquiry into a breach of COVID-19 QR code data by the state government.
Nine News revealed on Monday more than 500,000 addresses including those of domestic violence shelters and defence sites were inadvertently published on a state government website.
The data, collected by the NSW Department of Customer Service when organisations registered as COVID Safe, was discovered online in September by a technology specialist.
The NSW government has said it informed the privacy commissioner a day after it was notified that sensitive information was in the public domain, and it was taken down.
While the government said the commissioner “determined the incident did not constitute a privacy breach”, opposition customer service spokesperson Yasmin Catley said on Tuesday there should be another review, describing the blunder as a “real critical incident”.
“This is a government who is breaching its relationship and its confidence with the community,” Ms Catley said. “They need to tell us who knew what, when and why the Premier himself was not aware of this very significant breach.”
Premier Dominic Perrottet said on Monday he was made aware of the issue that morning and the bungle “shouldn’t have happened”.
State Opposition Leader Chris Minns said it was “completely unacceptable for the NSW Premier not to be told about it”.
“If I were him, I’d be demanding to know how there’s a major data breach,” he said.
The Department of Customer Service has said it “considers the security and privacy of customer information its highest priority”.
COVID Safe registration was open to all businesses, including those in other states and territories that had interests in NSW. Addresses of organisations in Western Australia, Queensland, Victoria, South Australia and the ACT were also in the dataset inadvertently made public.
The department has said less than 1 per cent of the 566,318 addresses were “identified as potentially sensitive”.
By Jonathan Kearsley
Appeared on fml.lol