Personal details of world leaders at last November’s
G20 Summit in
Brisbane were accidentally sent to organizers of the Asian Cup football tournament by the Australian immigration department through the use of Outlook's autofill function,
The Guardian reported Monday.
While the leak was inadvertent and deemed ultimately low-risk, the breach highlights data security concerns that have become a global issue as businesses, educational institutions, and other organizations proved vulnerable over the last few years to both cyber attacks and accidental personal data disclosures – some of which could have been easily prevented.
 |
Dictators get a healthy dose of privacy breach; how does it feel now? |
Names, dates of birth, titles, passport numbers, and visa grant numbers were among the data disclosed after an immigration employee “failed to check that the autofill function in
Microsoft Outlook had entered the correct person’s details into the email ‘To’ field,” an officer in
Australia’s Department of Immigration and Border Protection wrote
in an email, dated Nov.7, 2014, to the office of the nation’s privacy commissioner.
 |
Not amused: Vladimir Putin |
“The cause of the breach was human error,” according to the letter.
Security researchers have warned of the potential dangers of autofill, a setting that lets a browser or app use stored data to automatically fill out forms, because when combined with the human tendency to err, the consequences of such convenience can range from embarrassing to dire.
Two years earlier, a
UK police officer
sent a file containing thousands of confidential criminal records checks to a local journalist, whose email had been saved after it was used to submit previous Freedom of Information requests.
Google warns users: “It's important that you use Autofill only on websites you trust, as certain websites might try to capture your information in hidden or hard-to-see fields.”
“AutoFill is a feature that requires exchanging some security and privacy in favor of convenience,” tech analyst Tony Bradley
wrote for PCWorld in 2010.
A quick way to avoid potential trouble is to disable the feature on browsers:
Google Chrome has it under the “Passwords and forms” in its advanced settings options, while
Firefox has it in its “Privacy” panel.
There are also middle-ground options:
iPad and
iPhone users, for instance,
can limit autofill to contact information while disabling the use of names and passwords.
The best advice is, however, is to exercise care and good judgment.
“I am not suggesting that everyone abandon AutoFill and go back to tediously typing in the same information every time the need arises,” Mr. Bradley wrote. “I am, however, advocating that IT admins and users in general understand that the same features that provide convenience for the user also make it more convenient for an attacker to breach or compromise the data stored there.”
A related but separate issue that the Australian immigration department is facing in the G20 leak is its decision not to disclose the breach to the world leaders involved, reasoning that the unauthorized recipient had immediately deleted the message and emptied his deleted items folder, and that “the risks of the breach are considered very low."
“Only last week the government was calling on the Australian people to trust them with their online data,” one senator told The Guardian, “and now we find out they have disclosed the details of our world leaders."
This news bureau
contains copyrighted material the use of which has not always been specifically
authorized by the copyright owner. We are making such material available in our
efforts to advance understanding of environmental, political, human rights,
economic, democracy, scientific, and social justice issues, etc. We
believe this constitutes a 'fair use' of any such copyrighted material as
provided for in section 107 of the US Copyright Law. In accordance with Title
17 U.S.C. Section 107, the material on this site is distributed without profit
to those who have expressed a prior interest in receiving the included
information for research and educational purposes.