First State Super chief handles furore over tech security
Wednesday, 19 October 2011 12:45pm

First State Super has told Financial Standard it will not be pursuing legal proceedings against the 'goodwill hacker' who exposed a security flaw in its system, with the two parties to instead resolve any issues together.

Michael Dwyer, chief executive of First State Super (FSS), told Financial Standard the super fund will not be continuing its legal case against Patrick Webster.

"We have made an offer to Mr Webster to work jointly together towards resolving the issues, to which he has agreed. We are yet to have the meeting," said Dwyer.

Patrick Webster, FSS member, ex-NSW police employee and IT security specialist, raised the alarm last month when he emailed FSS administrator, Pillar, on September 22 and detailed how he gained unauthorised access to the statements of around 568 other members of the Fund.

Webster said that initially he was thanked for highlighting the issue of member numbers being visible in URLs, allowing individuals to simply alter their member numbers to access fellow Fund member accounts.

"Naturally I find this extremely concerning so contacted you today [Sept 22] (I found this around 9pm last night). All the data I obtained has been destroyed / deleted but validated my concerns," said Webster in the email.

"Ideally the Pillar website should generate some kind of hash [provides example] instead of a direct object reference."
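The flaw and the fix Webster describes can be sketched as follows; this is an added example, not code from First State Super, Pillar or the article. The handler names, session layout and member numbers are hypothetical, and the hardened version pairs the opaque reference with a server-side ownership check, since a reference alone does not decide who may read a record.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: member numbers and statement text are made up.
STATEMENTS = {
    "1000123": "Statement for member 1000123",
    "1000124": "Statement for member 1000124",
}

# Per-deployment secret used to derive opaque references (assumption).
SERVER_KEY = secrets.token_bytes(32)


def vulnerable_get_statement(session, member_no):
    """Direct object reference: the member number comes from the URL
    and is never compared with the logged-in member."""
    return STATEMENTS.get(member_no)


def statement_ref(session):
    """Opaque reference bound to this session and this member.
    A keyed HMAC is used so the value cannot be recomputed or guessed
    from the member number alone."""
    msg = f"{session['id']}:{session['member_no']}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def get_statement(session, ref):
    """Hardened handler: the record is selected from the authenticated
    session, never from client input; the reference is only verified."""
    expected = statement_ref(session)
    if not hmac.compare_digest(expected, ref):
        raise PermissionError("reference does not belong to this session")
    return STATEMENTS[session["member_no"]]


if __name__ == "__main__":
    alice = {"id": "sess-a", "member_no": "1000123"}  # constructed session
    # Vulnerable handler returns another member's statement.
    print(vulnerable_get_statement(alice, "1000124"))
    # Hardened handler only ever returns the session owner's statement.
    print(get_statement(alice, statement_ref(alice)))
```
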

Following this email, Webster received legal notification from FSS lawyers, MinterEllison, stating that while his actions were "an attempt to show that it is possible for a wrongdoer to obtain unauthorised access to Pillar's systems, your actions themselves may be considered a breach of section 308H of the Crimes Act 1900 (NSW) and section 478.1 of the Criminal Code Act 1995 (Cth)."

"You should be aware that due to the serious nature of your actions, this matter has been reported to the NSW Police," read the letter.

Webster was requested to destroy and delete all data and records that he gained unauthorised access to and was told he would no longer have any access to the members section of the Fund's website.

Dwyer said the Fund still wants to ensure that all records have been deleted and that both FSS and Webster are comfortable with the outcome, and that the meeting is to discuss his findings.

Dwyer confirmed there will be no more legal proceedings and that they "will be having a discussion and working it out between the two of us."

FSS, which has over 770,000 members and some $30 billion in funds under management after merging with Health Super in June, notified members of the security breach on October 7 with the option to change their existing member number and establish a new account.

The letter, obtained by Financial Standard, told members of the security breach and assured them that while it was not a targeted attack on their personal account, immediate action was taken and "permanent changes to our processes to prevent this issue occurring again have been made."

Dwyer confirmed the issue had been rectified immediately after Webster's notification and that member response had been fairly positive.

"Largely it has been business as usual, but there have been a small number of members who did contact us after receiving the letter."
