Privacy Commissioner opens investigation into Fairfax site hack

Herald Education and Young Writer have been taken down following the security breach

The Australian Privacy Commissioner, Timothy Pilgrim, has launched an investigation into the recent hacking of Fairfax microsite, Herald Education. Fairfax’s Young Writer microsite was also hacked.

Both websites, which are hosted by a third party, provide student activities and teaching resources, as well as offering promotional subscriptions of the Sydney Morning Herald (SMH).

“I have opened an investigation into allegations that the Herald Education website may have been subject to hacking, compromising the personal information of some subscribers,” Pilgrim said in a statement.

“My investigation will be looking at the site’s compliance with the Privacy Act and in particular whether appropriate data security practices were in place at the time of the alleged hack.”

Fairfax has also ordered the third-party provider to take the websites down.

SC Magazine Australia reported that hackers claimed to have obtained 10,000 unencrypted credit card details and gained access to the smh.com.au domain using administration details stored in one of the hacked websites.

The Sydney Morning Herald reported that Fairfax claimed its main media sites and subscriber details were not compromised in the security breach.

Pilgrim said that security breaches similar to this one had increased in 2011 and so businesses should be extra cautious.

“I strongly encourage businesses to make the security of their customer’s personal information a top priority, particularly in the light of an increased number of similar security breaches in 2011,” he said in a statement.

Follow Computerworld Australia on Twitter: @ComputerworldAU

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Web Gateway Security

Real-time Protection from Real-world Threats

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »