This month, the Commission has issued one Decision.

The Decision highlights lapses in security practices that led to a significant data breach affecting over 665,000 individuals. The breach stemmed from a system misconfiguration during a migration exercise, which allowed a threat actor to gain unauthorised access to personal data, which was later found for sale on the dark web.

This case reinforces the importance of robust technical and governance measures in safeguarding personal data, particularly when managing complex IT environments. Organisations should:

• Incorporate checks into manual processes involving sensitive systems to reduce the risk of human error;
• Establish rigorous change management protocols, including formalised testing and validation of system configurations;
• Strengthen access controls and ensure password protections are properly implemented across all accounts; and 
• Proactively review and audit third-party integrations and administrative tools to prevent data exposure.

Access the Media Release and Decision respectively.