Incident: Hundreds of classified Home Affairs documents believed sent to unsecured address in ‘serious’ breach of security protocols | ABC News Australia
Australian Data Breach Incident, 30 May 2022
Hundreds of classified Home Affairs documents believed sent to unsecured address in ‘serious’ breach of security protocols
Contractor said to have sent classified documents to his personal email address was allowed to work in another federal government department after the cybersecurity breach
Related incidents from Australian Department of Home Affairs and the Australian Government.
A Department of Home Affairs (DHA) contractor suspected of illegally sending classified documents to an unsecured location was allowed to continue working in the public service.
The man is alleged to have stripped the “classified” status from files relating to 500 departmental projects, before forwarding them to his personal email address to access at home.
A figure familiar with the “serious” breach of security protocols told the ABC the contractor removed the classification ratings from documents so his actions did not trigger an internal departmental alert system.
One of the man’s former colleagues says he held a NV1 (negative vetting level 1) security clearance, which allowed him ongoing access to view secret documents, in addition to temporary, supervised access to top-secret information.
His unauthorised activity is believed to have taken place from as early as 2020 until the man’s contract ceased in June 2021, and to have involved projects across the Home Affairs portfolio, including Australian Border Force data.
The Department of Home Affairs then referred the case to the Australian Government Security Vetting Agency (AGSVA), which is the central vetting agency for the Australian Government and conducts security clearance assessments.
The man was later hired for contract work with another large federal government department on project management, despite several former colleagues within DHA’s intelligence branch declining to provide personal references.
Altering Commonwealth records without approval is a breach of the Commonwealth Crimes Act and a breach of the Department of Home Affairs’ internal security instructions
