On 3 July 2024 one of our staff members noticed an error exposing all of our users names and email addresses when modifying user access to a client or job within Audit Assistant (intended to only show users within the firm).
This was promptly corrected when identified. The details were exposed for approximately 15 hours (9:00pm 2 July 2024 to 11:15am 3 July 2024). No personal or sensitive information was exposed apart from the above. We carried out an assessment using the Privacy Commissioner online assessment tool. The results were as follows:
Sensitivity of information: Not sensitive
Recipient of information: Someone unlikely to cause harm
Types of harm: No harm likely
Likelihood of harm: Unlikely
Attempts to reduce harm: The problem that caused this breach was fixed
Security measures: Yes
No further work was deemed necessary.