This update was posted by the Office of the Australian Information Commissioner where it is published under CC by 3.0
11 August 2016
Yesterday I initiated an investigation into an incident involving the Census 2016 website. My priority in doing so was to ensure that no personal information had been compromised.
My staff and I have been in regular contact with the Australian Bureau of Statistics (ABS), and I have received a briefing directly from the Australian Signals Directorate (ASD) — the Commonwealth’s pre-eminent cyber-security analysts.
ASD advised me that the incident was a denial of service (DoS) attack and did not result in any unauthorised access to, or extraction of, any personal information and, on the information provided to me by ASD, I am satisfied that personal information was not inappropriately accessed, lost or mishandled.
The ABS’ decision to shut down the website — to avoid any prospect that the DoS attack could include or otherwise facilitate a data breach — was, in the circumstances, a pro-privacy precaution.
This incident will now be the subject of a broader review led by the Prime Minister’s Cyber-Security Adviser, Alastair MacGibbon. I have discussed with Mr MacGibbon how our Offices will work together as part that review.
My Office will also continue to work with the ABS to ensure they are continuing to take appropriate steps to protect the personal information collected through the Census.
Timothy Pilgrim PSM
Australian Privacy Commissioner
Acting Australian Information Commissioner