News and Publications banner
Home News & Publications

News & Publications

Data Breach Incident Notification:

Stolen IPad from a Gladstone Ports Corporation (GPC) work vehicle

27 JULY 2018

Details of the Incident

DATE:       31/03/2018

PLACE:     Gladstone

How was the breach discovered? 

A data breach was notified to GPC internal resources at 2:01pm on 3rd April 2018.

Description of the incident

An IPad was stolen from a GPC work vehicle. 

The iPad contained Pilotage information and video recordings of jobs, and reported to contain “nothing that is commercially sensitive”, however it is uncertain whether any contact information or identification details were stored on the device.

Pilotage information and video recordings may contain information identifying individuals, however this is unlikely.

Cause of the breach (if known)  

The  IPad was stolen from a GPC work vehicle, however the device was passcode protected.

Who does the data breach affect? (e.g. staff,  general public, any third party)

It is unclear who is affected by the data breach, however the impact could be confined to  GPC staff only. Although the iPad was not used for the distribution of email, the user was unsure whether contact details were stored on the device.

Estimated number of individuals affected  

Exact number is unknown, however would be believed to be less than 20 individuals.

Description of immediate actions taken to contain the data breach 

The police have been notified and the incident was entered into the GPC incident system on the 4th April 2018, reference Number 22476. The police were notified the following morning, once the theft had been realised. The telecommunications service provider (TSP) was also immediately contacted.

The device SIM has been deactivated, and the TSP was requested was to disable the IMEI by COB (2018-04-04).

A passcode was used on the device prevents unauthorised access, with the device set to purge data after 10 unsuccessful unlock attempts.

Was anyone else notified of the data breach?

Police have been notified due to this being a criminal act.

Has evidence been preserved? 

Evidence of investigation is held in GPC’s document management system.

Is further investigation considered necessary and how will this be undertaken? 

No further investigation options are available at this stage.

Have steps been taken to prevent the breach from occurring again? 

Users are reminded not to leave GPC equipment in vehicles. GPC is currently implementing a Mobile Device Management (MDM) tool, which will allow the remote destruction of data on mobile devices. No further action at this juncture due to nature of this breach.

Incident review and action taken to prevent future breaches

Fully investigate the cause of the breach

Due to the lack of perceived information, the outcome has been rated as “no risk of serious harm envisaged”.

Report to OAIC Executive on outcomes and recommendations 

Online form completed and submitted. GPC requested by OAIC to post a notification on web site.

To our valued customers and users

Where should I go for further information?

Complete our contact us enquiry form or phone (07) 4976 1333.

What should I do if I think my identifying information may have been on the stolen device

Complete our contact us enquiry form or phone (07) 4976 1333.

Print friendly PDF