It’s hard to believe the nation’s peak Internet crime fightingagency, the Australian High Tech Crime Centre (AHTCC) doesn’tencrypt all files.
But according to media reports, banking details of thousands ofAustralians were exposed last year when an Australian FederalPolice (AFP) agent lost information on a memory stick.
The device, with details of 3500 customers from 18 banks, waslost between Sydney and London and the AHTCC, whose members aredrawn from the AFP, elected not to advise customers of the databreach.
SIFT Pty Ltd.’s Information Security Services principalconsultant Nick Ellsmore said the use of USB drives isn’t the mainissue, but the real problem is lack of password protection andencryption.
“Using these devices is fine as long as data is encrypted, it isno different to encrypting e-mail,” Ellsmore said, adding that thebiggest problem with USB drives is information theft byemployees.
The media report said the officer had broken several rules abouttransporting classified information.
“It is a classic example of how you can have all the standardsand technology in the world; but it is of little use if policiesare not followed by users,” Ellsmore said.
Asked about procedures and the use of encryption, an AHTCCspokesperson said the agency was unable to comment immediately.
More details are expected to be made available by the AFP latertoday.
Only last week, there was a flurry of new data breachesdisclosed including ING Financial Services Corp., Union PacificCorp. and the AIG Inc..
The latest disclosures bring to more than 190 the number of suchincidents reported since the ChoicePoint breach in February 2005according to a list maintained by the Privacy RightsClearinghouse.