Australian internet security has once again come under the spotlight with the Australian Competition and Consumer Commission (ACCC) today announcing a privacy breach across a number of its websites.
According to a statement released this afternoon on the ACCC's news website: "The ACCC has today become aware of a breach of personal data collected from some of its websites. The affected websites are Recalls Australia, Product Safety Australia, SCAMwatch and the ACCC Public Registers website."
All four websites feature the Australian Government ".gov.au" domain, and are used by both consumers and businesses — Recalls Australia, for example, offers updates on products being pulled from shelves because of safety risks, while SCAMwatch allows individuals to confidentially report banking and identity theft scams.
According to the ACCC, the email addresses of some people who subscribe to information alert services on these websites were "inadvertently made accessible online".
"They were not indexed by search engines or linked from a web page on our sites," the statement continued. "They could only be found if specific URLs were tried. The ACCC resolved this issue as soon as it became of aware of it to prevent further access to the email addresses.
"The ACCC is investigating how this issue occurred and is reporting this breach to the Office of Australian Information Commissioner.
"It is not yet clear to the ACCC how many users have been affected or how long this has been an issue. The ACCC takes the issue of privacy, including any breaches, very seriously and apologises to affected users."
While the ACCC was not offering further comment on the matter, a spokesperson for the commission confirmed that the privacy breach was unrelated to the Heartbleed OpenSSL security bug discovered in recent days.