According to a statement issued by the Australian Privacy Commissioner, the Australian Signals Directorate says there was a DoS attack on the Census 2016 website, and that there was no data breach.
Rather than risk accusations of misinterpreting the Commissioner's statement or quoting it out of context, we reproduce it in its entirety.
Yesterday I initiated an investigation into an incident involving the Census 2016 website. My priority in doing so was to ensure that no personal information had been compromised.
My staff and I have been in regular contact with the Australian Bureau of Statistics (ABS), and I have received a briefing directly from the Australian Signals Directorate (ASD) — the Commonwealth's pre-eminent cyber-security analysts.
ASD advised me that the incident was a denial of service (DoS) attack and did not result in any unauthorised access to, or extraction of, any personal information and, on the information provided to me by ASD, I am satisfied that personal information was not inappropriately accessed, lost or mishandled.
{loadposition stephen08}The ABS’s decision to shut down the website — to avoid any prospect that the DoS attack could include or otherwise facilitate a data breach — was, in the circumstances, a pro-privacy precaution.
This incident will now be the subject of a broader review led by the Prime Minister’s Cyber-Security Adviser, Alastair MacGibbon. I have discussed with Mr MacGibbon how our Offices will work together as part that review.
My Office will also continue to work with the ABS to ensure they are continuing to take appropriate steps to protect the personal information collected through the Census.
Timothy Pilgrim PSM
Australian Privacy Commissioner
Acting Australian Information Commissioner