Incident: Portal flaw leads to some NDIS users losing money | iTWire

Posted by Steven Kirby | Sep 11, 2018 | Australia, Australian InfoSec Incident, Australian InfoSec Incidents 2018, CyberCrime, Federal Government, iTWire, Medical and Health Care | 0 |

Australian Information Security Incident Reported: September 11 2018

A vulnerability in the service portal for the National Disability Insurance Scheme has allowed a number of providers to obtain personally identifiable information of users and steal money.

The flaw allowed any user or registered provider to gain access to random support pages for users by guessing a nine-digit plan number. Companies could then bill these users and receive payment right away.

In a statement, the National Disability Insurance Agency, the organisation running the scheme, said its Fraud Taskforce had identified “a small number of providers who may be seeking to exploit the NDIS”.

Source: iTWire – Portal flaw leads to some NDIS users losing money

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

[wp_rss_retriever url="https://flipboard.com/@stevenkirby/australian-information-and-cyber-security-news-63aijhrgy.rss" items="10" excerpt="30" source="false" read_more="true" new_window="true" thumbnail="150" cache="6 hours"]

Featured

Incident: Ascot Vale Health Group targeted by Global ransomware group | CyberDaily.au

Featured

Incident: RISE Racing confirms Sarcoma ransomware attack | CyberDaily.au

Incident: MKA Accountants confirms Qilin ransomware attack | CyberDaily.au

Incident: NSW court website involved in major data breach, 9,000 documents downloaded | ABC News (Australia)

Incident: Brydens Lawyers suffers alleged 600GB data breach following ransomware attack | cyberdaily.au

Featured

Audit: NSW's local government audit found that 47% of councils did not have a cyber security plan | kirbyidau.com

Featured

Audit: Australian Senate Estimates reveals 435 Chinese-made surveillance devices found at defence sites

Audit: Western Australia Auditor General's Local Government Information Security Audit 2021-22 reports 324 control weaknesses

Audit: Western Australia Auditor General's State Government Information Systems Audit 2021-22

Audit: Queensland Audit Office's State Entities 2022 reports deficiencies in information systems

Featured

Quote: John Chambers "There are two types of companies...."

Featured

Quote: Alex Webling "If we wish to have any hope of beating the bad guys at the cyber game...."

Quote: Denis Waitley "Expect the best, plan for the worst, and prepare...."

Quote: Willa Cather "No one can build his security upon...."

Quote: Meera Srinivasan "Home is where the Heart is ..."

Incident: Portal flaw leads to some NDIS users losing money | iTWire