South Australian Leader Says No Data Compromised in Contact Tracing Hack

South Australian Premier Steven Marshall demonstrates checking in via QR code to help with contact tracing at the Stag Hotel on December 01, 2020 in Adelaide, Australia. (Kelly Barnes/Getty Images)
Daniel Y. Teng

South Australian Premier Steven Marshall has reassured residents that no data was compromised after the state’s contact tracing app was hacked.

“There has been no hacking or compromise of data on the mySA GOV app, and there has been no compromise of data that we use for our COVID check-in,” he told reporters.

“What we did have was a very swift response from the people in the IT section of the Department of Infrastructure and Transport (DIT),” he added. “They locked down the system.”

The premier said the team saw the hack “coming in very quickly,” and the system was shut down within seconds.

Last week, the DIT revealed that several user accounts had been accessed by a third party, who obtained the passwords while hacking a separate website.

“The accounts could be accessed because account holders had used the same or a similar password for their mySA GOV account as they had used for their account with the unrelated website,” the DIT said in a press release. “The hackers then used the passwords they had obtained from the unrelated website to access a number of mySA GOV accounts.”

The DIT said there was no evidence of unauthorised transactions on the mySA GOV accounts and that the hacked accounts were blocked.

Further, all affected account holders were notified of the hack and told to change their passwords.

“It is strongly recommended that when choosing a new password for their account, customers do not use a password that has been previously used or is currently being used for any other accounts,” the DIT added.

Marshall said there were thousands of attempted hacks targeting government portals each week.

“People need to be vigilant,” he said.

Concerns have emerged in recent months over the lack of protection around data collected by contact tracing apps.

In June, West Australian and Queensland police were found to have accessed contact tracing data to aid in ongoing investigations, while police in Victoria tried on three occasions to access data but were blocked by the state’s health department.

The left-leaning Australia Institute’s Centre for Responsible Technology called on state governments to “regain the public’s trust” to ensure privacy rights were not whittled away by the widening use of technology in COVID-19 compliance measures.

South Australia is currently trialling a home quarantine app that will become the national model if deemed successful.

Residents entering home quarantine are required to download the Quarantine SA app and will need to “check-in” with the app at random intervals during their quarantine period of two weeks.

Users have just 15 minutes to respond to a random check-in notification (in Western Australia, this is just five minutes) by scanning their faces.

If they miss a scan, they will receive a follow-up phone call from the Home Quarantine SA team to discuss the reason why. If the individual misses the phone call, a compliance officer may be sent to the approved address to check on their situation.