In a recent data privacy incident, auDA, the administrator of Australia’s .au domain, revealed that a software error in its new WHOIS tool inadvertently exposed sensitive registrant information. The breach has raised concerns about the security of domain name records managed by the organization.
Details of the Breach
The issue stemmed from a flaw in the .au WHOIS tool hosted on auDA’s website. According to the organization, the error allowed unauthorized access to registrants’ postal addresses, phone numbers, and fax numbers. Although this information was not visible on the tool’s standard interface, it could be accessed through developer tools available in web browsers.
An estimated 1,500 domain name records were affected, including 800 tied to registered businesses. The organization acted quickly to take the tool offline after discovering the problem and redirected users to an alternate WHOIS tool.
Steps Taken by auDA
In response to the breach, auDA has:
- Reported the incident to the Office of the Information Commissioner and the Australian Cyber Security Centre.
- Launched efforts to notify individuals and businesses whose information may have been exposed.
- Issued an apology to those impacted, emphasizing its commitment to data security.
auDA confirmed that the availability of the WHOIS service was not disrupted during the incident.
Support for Affected Registrants
Individuals who believe they may be impacted can contact auDA for more information. The organization has set up a support line available during extended hours:
- Phone (Australia): 1300 732 929
- Phone (International): +61 3 8341 4111
- Extended Hours: 8am–8pm AEDT on 7 and 8 December 2024.
Leave a Reply