The claim management systems used by Australia Post, the nation’s biggest online retailer, are riddled with security flaws, according to a security expert who is leading a campaign to expose the flaws.
“The problem is that most of these systems are so insecure,” said John Young, who is the chief technology officer at security firm CrowdStrike.
“They’re not designed to be secure, and the problem is they don’t even have an adequate security level to make it safe for a consumer to access them,” he said.
Mr Young said he was not surprised by the scale of the problem and it was “likely that” most people have not been using the systems, which are widely used by the nation’s largest retailer.
Australia Post says it has patched the systems but has no timetable on when they will be updated.
The Australian Financial Survey revealed that more than one-quarter of the people who had checked in online had received a claim within a week.
While some of the claims were for “lost, stolen, damaged or destroyed”, the majority of people who were not in the database had received more than a dozen claims within a day.
“It is very difficult to verify these claims and you can’t just rely on one company to keep track of all the claims,” Mr Young told ABC News.
“When a claim is posted online it has to be verified by the customer themselves, so there is a risk that the claim has been posted on a fake or false website.”
He said that if a claim was not confirmed by the user, then it was unlikely to be trusted by other customers.
“This is a huge issue, because it could potentially be used by criminals, so it’s something that you would need to take into consideration,” he added.
Mr Brown, a former IT consultant who also works for a US law firm, said that he believed the problem could be fixed, but that it was a slow process.
“You’d think that the Australians would be able to figure out how to fix this and that it would be done within a few months, but they haven’t,” he told ABC Radio.
“If they had a good plan to fix the problem, I think they could have done it very quickly.”
“They have this whole system where it’s basically like a one-stop shop for everything and the only thing they do is check their own database.
“That’s not going to fix it and there are other companies out there that can provide much more robust and more reliable solutions, but it’s not Australia Post.”
Australia Post said it was in the process of fixing the system.
It said it “has not seen a single claim that has not been verified by a customer”.
It said there were two ways to verify claims, and “if a customer cannot provide us with the information required to verify their claim, we will issue a cancellation notice”.
The company said it would provide refunds for customers who had not provided the correct information to verify the claim, but would not refund the difference between the cost of the claim and the refund it would receive.
A spokeswoman for the Australian Taxation Office said it did not “provide a response to specific allegations”.
‘Doubtful’ Australia Post had any way of knowing whether a claim had been made
The spokeswoman said Australia Post “does not provide a way to check whether or not a claim has already been confirmed”.
She said: “We are very confident that the systems we have in place are secure and are designed to handle the complex challenges that are associated with this type of online service.”
“We would expect that Australia Post will provide a response by the end of the week.”
Australia’s top law enforcement official told the ABC the government would “absolutely” investigate claims made online.
“We don’t know if it’s an individual, it could be a group or it could just be an organisation,” Assistant Commissioner Mark Regan said.
A spokesman for the Federal Government said: “The Government is committed to taking action against anyone who abuses online service and this is something we will continue to do to protect Australians from criminals, fraudsters and cyber criminals.”
“I think we’re going to look into it.”