Australian Government Privacy Breach: September 30 2020

DFAT admits email addresses of almost 3,000 Australians stranded overseas released in breach

Addressees were mistakenly listed in the ‘to’ field, rather than ‘bcc’, making them visible to other recipients.

Source: DFAT admits email addresses of almost 3,000 Australians stranded overseas released in breach | The Guardian
More reports from: The Guardian.

Dfat has admitted it inadvertently revealed the email addresses of almost 3,000 vulnerable Australians stranded overseas in a data breach that has been labelled a “complete stuff-up”.

The travellers affected constitute 7% of those Australians stuck overseas who have registered with the department of foreign affairs

The addresses were included in an email sent to multiple recipients before midday on Wednesday by the Covid-19 consular operations section of Dfat.

The message notified recipients that interest-free loans were available for “the most vulnerable Australian citizens whose return to Australia has been impacted by the restrictions arising from Covid-19”.

The foreign affairs department on Thursday afternoon said it “apologised for the inadvertent disclosure of the email addresses of 2,727 people”. The addressees were mistakenly listed in the ‘to’ field, rather than ‘bcc’, making them visible to other recipients.