Investigative Journalism and Learning Hub - Waratah Strata Management ignored request to provide information about alleged data breach at Waratah Strata Management and loss of SP52948 strata files on 14 July 2019

Welcome to the blog of NSW strata investigative journalism

From: SP52948 owner
To: Frank Tallaridi Waratah Strata Management
CC: Robert Crosbie Waratah Strata Management
Subject: Request to provide information about alleged data breach at Waratah Strata Management and loss of SP52948 strata files on 14Jul2019
Date: 14/7/19, 8:16 pm

Hi,

Lot 158 has some information that might be of importance to help the Police investigations in regard to alleged data loss and hacking attack against Waratah Strata Management.

After malicious or criminal attacks, human error accounted for 35% of data breaches over the period 1 April 2018 to 31 March 2019 (source: Australian Government Notifiable Data Breaches).

The Privacy Act 1988 (Cth) (Privacy Act) and the Privacy Regulations 2013 (Privacy Regulations) require strata managers to comply with 13 Australian Privacy Principles (APPs) (subject to other provisions of that Act) in how they handle personal information. The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal (where applicable).

It is noted that Waratah Strata Management had full access to all passwords at lookatmystrata.com.au, which was/is against all security policies and privacy guidelines.

Please provide the following information as a matter of priority:

a) On which date (exact time would be appreciated) did the attack happen and what services were affected (website access to waratahstrata.com.au, email, and so on)?

b) Apart from SP52948, did any other Waratah Strata Management client lose data or get affected by the hacking attack?

c) SP52948 strata files are located at lookatmystrata.com.au. Does Waratah Strata Management allege that SP52948 data breach happened not only at waratahstrata.com.au but at lookatmystrata.com.au as well (two websites affected)?

d) Waratah Strata Management uses email services and Office365 at Microsoft. Is it alleged that Microsoft was also attacked and somehow lost SP52948 files?

e) On which date did the full services for email and website access to waratahstrata.com.au and lookatmystrata.com.au get restored?

f) Who provided file restore services (presumably from backup tapes or on-line backups)?

g) On which date was the Police notified and what is the Event number?

h) On which date was mandatory data breach notification completed (Privacy Amendment (Notifiable Data Breaches) Bill 2016)?

i) On which date, if applicable, was SP52948 insurance notified about the loss of data, financial files, and private information (including bank account details)?

j) Waratah Strata Management appears to have stated that strata files on the USB key that was lost (misplaced) by the Police in mid-2018 were not backed up. Is that still a valid and truthful statement?

Regards,