The Australian Federal Police (AFP) faces embarrassment today after it emerged that authorities accidentally published highly sensitive information pertaining to criminal investigations and telecommunications interception activities.
According to The Guardian, the AFP released information that included the address of a target subject to surveillance, the types of criminal investigations and offences being investigated, the names of police officers that are not publicly available and other identifying information including the phone number of an individual connected to an investigation.
Greens senator Scott Ludlam, who also inadvertently published the documents and was notified by Guardian Australia of the breach, said: “We’ve withdrawn those documents from our website as soon as we became aware that they might compromise the integrity of an investigation.”
He added: “It doesn’t do much for your confidence that this is an agency that is arguing strenuously for a mandatory data retention regime that they let this document go without realising it.
“We’ll be seeking their advice about whether they’ll be providing us with clean copy of the documents.”
The privacy commissioner, Timothy Pilgrim, said: “The retention of large amounts of personal information for an extended period of time increases the risk of a data breach.
“Organisations holding this information need to comply with all their obligations under the Privacy Act, including the requirements to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure.”
According to Zdent, this is not the first time that a government agency has accidentally published sensitive data online, with the Department of Immigration and Border Protection accidentally publishing the details of 10,000 asylum seekers earlier this year in its push to get immigration data online by a deadline.
In February, the full names, nationalities, locations, arrival dates, and boat arrival information of the asylum seekers, housed both on the Australian mainland and Christmas Island, was accidentally published online by the department.
Like the AFP metadata documents, they were removed only after the department was alerted of the breach.