The loss of control of your information and it getting into the public domain is not always a cyber attack – many times it is simply a mistake by your team. It has happened to the Australian telecommunications company Telstra:
Telstra sorry for publishing up to 130,000 customers’ details online | The Guardian
In this case the people working on a backend database made a mistake which exposed unlisted data on a public facing system. Australia has seen a number of high profile cyber attacks recently, with Medibank and Optus being hacked and the personal information of millions of customers being exposed or even posted on the Dark Web. However a simple mistake by a team member can be just a devastating for the customer whose information is exposed.
It happens to councils and police forces in the UK who accidentally release citizen’s personally identifiable information into the public domain.
Suffolk Police apologies after publishing highly sensitive information on its website – UPDATED
Remember once the confidential information is on the internet, no matter how sincere your apology is, it is next to impossible to delete it. You may fix the original leak but you do not know who copied that data and what they plan to do with it?
What should you do?
Here are two quick things I always start with when working with clients:
- I check who has access to what information. It is an unusual case if we DO NOT find that highly sensitive data is available to people who have no need of it in their daily duties. Most times it is an easy fix to correct this.
- I check that the team has been trained in the organisation’s policy on sharing information marked as sensitive, with the line manager responsible for controlling that information. A simple written policy is not sufficient.
Act now before you let slip sometime you need to keep secret.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading


