Kicksec’s Data has been breached – again
Glossed over the email from Firstmac on Friday, reporting that my data has been gathered in a “limited” cyber security breach of their systems, limited now days includes sensitive citizen data clearly.
Firstly I do appreciate the “heads up” that’s 1 point for Firstmac, though considering I didn’t know I worked with them, then I will take the 1 point away.
What is confounding to me is that my last interaction with Loans.com.au was in November 2020 – four and a half years ago! and the data of mine that has been exfiltrated is Full name, Drivers license, DOB, Address etc – everything that identifies me as a citizen, FROM A THIRD PARTY PROVIDER TO LOANS! – 4.5 years ago, meaning they retained my information for what purpose?!
The data is no longer necessary to be kept by the provider of my enquiry let alone a third party provider, I am extremely disappointed that this is the case as it makes no sense to me.
Luckily the Optus Breach happened between then and now *sarcasm so my Drivers license has been changed already.
Protecting customers sensitive data is a top priority of any business in operation, consider these things:
– What third parties do I share sensitive data with, have they provided us with a risk assessment, what are their data security policies, how do I confirm?
– What data do I really need to perform my task (less is best)
– Is this data encrypted at rest and by transport?
– Do I need to retain this data for any reason, for how long and how do I handle expiring this data.
Finally credit to FirstMac for letting me know, as always reach out to me here
Leave a Reply