Incident: Human error, not data breach, behind Port Arthur staff information appearing ‘live’ on library website | ABC News (Australia)
Australian Library Data Handling Incident, 20 June 2023
Human error, not data breach, behind Port Arthur staff information appearing ‘live’ on library website
Personal information exposed comprised dates of birth, resumes, addresses, school records and telephone numbers.
View more incidents from State Government sector and Tasmania.
Authorities say hundreds of records from the Port Arthur site which “went live” on the Libraries Tasmania website for six weeks did not contain information relating to the 1996 massacre.
About 560 records from the site which were transferred to Tasmanian Archives — part of Libraries Tasmania — went live on the archives’ website on May 5 and were removed last Friday.
The Port Arthur Historic Site Management Authority (PAHSMA) chief executive Will Flamsteed said there had been a “careful review” and that “to the best of our knowledge” the records did not relate to the massacre or general visitors to the site.
However, information on one record involving ghost tour guides contained personal data including birth dates, addresses and phone numbers.
In a statement, Mr Flamsteed said the incident was caused by human error and was not a cyber attack.
“The reason these digital records were unfortunately made live on Libraries Tasmania’s website was due to human error at State Archives,” he said.
“While some employee information was unfortunately temporarily made live, this did not contain tax or banking information.”
The incident involved “only a few of the files” containing personal data with most related to conservation work at the site.
“The records concerned spanned from 1979 to 2006 and included a mix of conservation, archaeology, land management and administration files, some of which includes staff related matter and some personal details,” he said.
“Ninety five of the records were accessed between 5 May and 15 June 2023 while the information was accessible online. Most have been viewed once or twice. One record has been viewed more than 8 times.
“The personal information on the record comprised dates of birth, resumes, addresses, school records and telephone numbers.
