Australian Privacy Breach, 13 March 2021

Ex-worker who was investigated over child sex offences accessed sensitive data 260 times including after leaving the job

Child welfare advocates say unauthorised data access puts children at risk

Source: Ex-worker who was investigated over child sex offences accessed sensitive data 260 times in major breach | ABC News (Australia)
More reports from ABC News (Australia)
More Sources: Ex-contractor accessed Vic govt IT system 260 times a year after leaving | iTnews
Other Breaches related to Victoria, also incidents around the threats posed from Access Control failures.

A former caseworker who was investigated for an alleged child sex offence managed to access confidential information on a program for vulnerable kids for months after leaving their job, a report from Victoria’s privacy regulator has found.

The Office of the Victorian Information Commissioner’s (OVIC) made the revelation in its investigation [pdf] into the data breach.

They worked as a contractor between April 2016 and September 2017, but then continued to access data, including sensitive personal details on 27 clients, after leaving the job.

The worker’s data access was finally revoked in October 2018, many months after they had left the job.

In a statement, OVIC said the investigation also contained lessons for Victorian public sector organisations on managing personnel security risks by maintaining robust off-boarding processes.

Offboarding is the process formally separating an employee and an employer due to resignation, termination, or retirement.