Australian Information Security Incident Reported: December 19 2018

Queensland’s corruption watchdog the Crime and Corruption Commission (CCC) has told the state’s corrective services agency to replace its offender management system after uncovering occasions where it was used by staff to extort prisoners.

It found the integrated offender management system (IOMS) used to perform case management for Queensland Corrective Services’ (QCS) lacked “appropriate access and use controls, and audit functionality”.

This means custodial correctional officers (CCO) are able to “view personal information about any prisoner”, with audit functionality unable to “systematically or accurately determine whether access to particular information is necessary or appropriate to the staff member role”.

Source: Queensland’s offender IT system used to extort prisoners