ABS responds to "Cyber attacks hit statistics bureau" (The Australian Financial Review, 26 April 2013 pg1)

Contrary to your article, 'Cyber attacks hit statistics bureau' (page 1, AFR 26 April 2013), there have been no successful attempts to gain access to market sensitive or other confidential data held by the Australian Bureau of Statistics.

The "AUSSTATS" database referred to in your article is a source of publicly available statistics. It does not hold any confidential data.

The so-called "successful" attacks referred to in the article relate to external users attempting to connect to publically available ABS services. The incidents were detected by the ABS due to the large number and random nature of the connection attempts. The attempts logged as successful related to valid connections. Attempted connections to the ABS homepage during this incident were reported as being successful by the ABS Security monitoring tool. These attempts posed no threat to the security of ABS data.

The AFR mentions the possibility that ABS user accounts had been compromised and used to attack ABS systems. The incident referred to in the AFR report relates to authorised users of ABS provided external services incorrectly entering their password when trying to access the system.

As noted by the AFR the ABS was expansive in the information it provided as part of the FOI request. The information redacted in the reports related to detailed technical information that provides intelligence on the structure of the ABS network and personal data such as email address and phone numbers of ABS staff involved in the security response

Given the growing sophistication of cyber criminals the ABS cannot take our security systems for granted. We are vigilant in monitoring intrusions into our IT systems, and seek through collaboration with government security agencies to maintain best practice in preventing unauthorised access to confidential data.