IBM has broken the silence about the incident involving the Census 2016 website, where the website was brought offline by four distributed denial-of-service (DDoS) attacks.
An IBM spokesperson said, in a statement, that the company’s priority over the last two days was to work with the ABS to restore the Census site.
“We genuinely regret the inconvenience that has occurred. We want to thank the ABS, the Australian Signal Directorate and [the prime minister’s cybersecurity adviser] Alastair MacGibbon for their continued support. We are committed to our role in the delivery of this project.
IBM was appointed as a contractor of the Census in late 2014.
“Continuing to maintain the privacy and security of personal information is paramount. The Australian Signals Directorate has confirmed no data was compromised. Our cyber-security experts are partnering with national intelligence agencies to ensure the ongoing integrity of the site,” the spokesperson said.
This statement from IBM follows a recent accusation by prime minister, Malcolm Turnbull. As reported by sister publication, Computerworld, in a 2GB interview, Turnbull confirmed no data was compromised but blamed IBM for the incident.
“That is a fact. That was a failure that was compounded by some failures in hardware... and in inadequate redundancy. Now these failures have been rectified at my direction, the government’s direction, and under the supervision of the Australian Signals Directorate,” he said.
He added that there are big issues for IBM and for the ABS.
“There has clearly been a failure in the work that was done. My prediction is that there will be some very serious consequences to this… because of failures in the system that had been put in place for ABS by IBM.”
Computerworld also reported that Turnbull said “measures that ought to have been in place to prevent these denial of service attacks interfering with access to the website were not put in place”.
Australian privacy commissioner and acting Australian information commissioner, Timothy Pilgrim, said the Australian Signals Directorate (ASD) has advised that the incident was a denial of service (DoS) attack and did not result in any unauthorised access to, or extraction of, any personal information.
“On the information provided to me by ASD, I am satisfied that personal information was not inappropriately accessed, lost or mishandled.
“The Australian Bureau of Statistics’ (ABS) decision to shut down the website – to avoid any prospect that the DoS attack could include or otherwise facilitate a data breach – was, in the circumstances, a pro-privacy precaution,” he said.
This incident has become the subject of a broader review led by Alastair MacGibbon. Pilgrim said both offices, in addition to the ABS, will work together as part that review and take the appropriate steps to protect personal information collected through the Census.