Notice 26 September 2024
To current and former Mint employees and specific Mint-contractors,
On 29 August 2024, the Mint discovered a data breach in relation to the search functionality in the Mintranet, which was due to a misconfiguration of SharePoint.
The Mint fixed the configuration of SharePoint on the morning of 30 August 2024. The Mint also sought independent advice about the data breach.
The Mint has determined that the data breach is an ‘eligible data breach’ for the purposes of the Privacy Act 1988. The Mint has therefore notified the Office of the Australian Information Commissioner (OAIC) about the data breach.
The Office of the Australian Information Commissioner’s reference number for this notification is DBN24/01217.
Information about the data breach
The Mint identified that that the titles of ‘Request Forms’ for Content Manager containers were searchable via the Mintranet.
This meant that the title of any Request Form could potentially be viewed in results displayed when the Mintranet search functionality was used, if that Request Form fell within the search parameters. Some titles of Request Forms included the name and other personal information about Mint personnel. However, even if such a title was displayed, the user conducting the search would not be able to access to the underlying Content Manager container, unless they held the right access permissions.
On 30 August 2024, the Mint changed SharePoint to ensure that Request Forms for Content Manager records that are subject to access restrictions cannot be displayed in response to searches via the Mintranet.
This data breach involved the names and dates of birth of a number of individuals, and information relevant to those individuals (e.g. you could work out from the titles of some Request Forms that the named individual was subject to a misconduct investigation or a performance management process).
The Mint acknowledges that this will cause distress to some individuals, and apologises for the misconfiguration of SharePoint.
Reminder
If you accessed a Request Form title to which you should not have access, please do not further use or disclose this information. You are reminded that you have legislative obligations (e.g. under the Criminal Code Act 1995) and ethical obligations (e.g. under the Australian Public Service Code of Conduct), in relation to the handling of personal information.
Further information
If you require further information, please contact privacy@ramint.gov.au.
Regards
Privacy Officer
Notice 16 November 2023
To current and former Mint employees,
I apologise to every current and former casual employee of the Royal Australian Mint who has been paid less than they were due for work that they performed.
Our employees are a vital part of the Mint and the systematic failure to pay them overtime for hours worked outside of standard working hours since 2010 is disrespectful and unacceptable. This failure should not, and will not, be accepted by the Mint.
As the Chief Executive Officer of the Mint, I give my assurance that the Mint will fully remediate affected employees (current and former), and has put in place systems and processes to help prevent these under-payments being repeated. I also commit to rebuilding employees’ trust in the Mint which has been diminished by this systematic failure.
Affected current and former Mint employees have been contacted, where contact details are known to us. If you were a casual employee who worked for the Mint between late 2010 and August 2022, worked evenings, weekends, public holidays or during the Christmas shutdown and have not yet been contacted by the Mint’s Human Resources section, please contact us at HR@ramint.gov.au.
With regret,
Leigh Gordon
Chief Executive Officer