Tasmanians' details stolen in TEC breach

Contact details of an estimated 4000 Tasmanians who had applied for an express vote in the recent state and legislative council elections were stolen in a data breach, the Tasmanian Electoral Commission has warned.

The breach affected Spanish online form-building company Typeform, which has been providing technology for the TEC for some election services since 2015.

An unknown attacker last month downloaded a backup file that included data collected through five forms on the TEC website.

This included names, emails and date of birth information provided during the express vote application process, as well as public data such as candidate statements for a local government by-election.

The TEC has promised to re-evaluate its collection procedures and internal security around its storage of electoral information. The commission will also contact electors believed to have been impacted by the breach in the coming days.

The stolen data has no connection to the state or national electoral rolls.

Trend Micro ANZ Country Director Ashley Watkins said the incident, coming so soon after the PageUp data breach, shows that cybercriminals are increasingly targeting third-party suppliers that could have less stringent security controls in place than their customers.

“With such sensitive personally identifiable information at risk, it’s crucial that organisations go above and beyond to manage and secure the flow of data with their suppliers,” he said.

“This should include mapping their data to understand where it is and what any third party does with it, and exercising due diligence with all third parties that collect or process data for them, to gauge their security posture and breach reporting policies.”

Image credit: ©James Thew/Dollar Photo Club

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.