Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Disclaimer: The Parliamentary Library does not warrant or accept liability for the accuracy or usefulness of the transcripts. These are copied directly from the broadcaster's website.
NSW Government website hacked? -

View in ParlViewView other Segments

NSW Government website hacked?

The World Today - Tuesday, 27 January , 2009 12:46:00

Reporter: Nick Lucchinelli

ELEANOR HALL: The New South Wales Government is refusing to confirm that its official employment
site has been hacked but it has been out of action for several days.

Now digital security experts say they are concerned that the privacy of thousands of people has
been compromised.

And the NSW Public Service Association is warning that the Government website contains personal
information, including critical financial records, that could be used by hackers.

Nick Lucchinelli reports.

NICK LUCCHINELLI: Catherine Parrott's been looking for a job with the NSW public service for some
time.

She registered with its official job seeker website, jobs.nsw.gov.au, providing important personal
information including her date of birth, employment history, address and resume.

Then last week she received an email from the service advertising a position that bore very little
resemblance to the Government job she was after.

CATHERINE PARROTT: I received an email and the email content was typically spam advertising for the
perfect job for you, you get 10 per cent, up to 50 per cent commission, reply to this now. It was a
very dodgy looking email and I normally just delete them. What I noticed particulary about this was
it was sent from Jobs at New South Wales, so someone's obviously hacked into their system.

NICK LUCCHINELLI: Annoyance turned to concern as Ms Parrott realised her personal information may
have been accessed.

CATHERINE PARROTT: I just would have assumed that going through the Government they would have
proper security in place so that this doesn't happen. It's the same as if I'd applied athrough
seek.com, they require you to upload your information from your computer to them. You give them all
of your personal details, phone numbers everything about you and your employment record history.
It's a lot of sensitive information. I wouldn't like anyone to get that.

NICK LUCCHINELLI: The New South Wales Commerce Department has neither confirmed nor denied the site
has been tampered with, but it has been shut down for several days, claiming to be closed for
maintenance. The front page also advises customers who may have received uninvited job ads, to
delete them.

But the unions say the department needs to be doing more to assure its customers their privacy is
protected.

Ayshe Lewis is the acting secretary of the NSW Public Service Association.

AYSHE LEWIS: Our members apply for jobs through the Government website, they provide a lot of
personal information on their CVs we're very concerned this information is in the hands of hackers
and could be used to access their bank accounts, their credit card information.

NICK LUCCHINELLI: Professor Bill Caelli from Queensland's University of Technology is a digital
security expert.

He says Australian governments need to follow the lead of the United States, where military style
computer security has become the norm for digital health and employment records.

BILL CAELLI: Nothing's 100 per cent perfect but of course what we're doing is, we're raising the
bar quite substantially with these flexible mandatory systems and then we're making it extremely
difficult. Now if we couple that with what we call encryption or scrambling of that data in the
system itself then we're really getting up to about 99 per cent surety which is the best we can
possibly do.

NICK LUCCHINELLI: Professor Caelli says improving e-security needn't be prohibitively expensive,
but will require substantial re-education.

ELEANOR HALL: Nick Lucchinelli reporting.