Some of you may have heard a radio report yesterday about the MarCel marriage celebrants portal being hacked. When I heard about it this morning I immediately found the Hansard record of the Senate Estimates Committee meeting where it was discussed on Monday (for those who don’t know, Hansard is the transcript of proceedings of the Australian Parliament and its committees).
The Hansard record was slightly alarming in that it didn’t provide many details. You can read it here; the relevant discussion is about halfway down (use the Find function in your browser and search for the keyword “marriage”).
Honestly, in the current environment with the Optus and Medibank hacks, I was pretty unimpressed that we hadn’t been alerted to this as people with details in that database. So I sent an email to MLCS:
I was pretty disappointed to read that the MarCel database was subject to a cyberattack three weeks ago but that we haven’t been informed. Although this Hansard record says no data was downloaded, I think in the current climate with the Optus and Medibank hacks, it would be prudent for the Department to be completely transparent with us about such matters.
Can you please contact all celebrants with details of the attack and what has and is being done to protect our information?
Lo and behold, an hour later my phone rang, and it was the lovely Kerrin from the Marriage Law & Celebrants Section on the phone! She wanted to assure me that what had been accessed was an old version of the database that actually holds no data but is used to point people towards the new version (something something – neither she nor I am particularly tech-savvy in that area!), and that therefore no personal details of celebrants had been accessed and nothing had been downloaded. They fixed the gap and we’re good to go.
I noted that given it hit the national media yesterday, celebrants were likely to start asking questions if they weren’t already, and MLCS might need to communicate ASAP with all celebrants to assure them there is no problem. She understood and noted we will discuss it at the MLCS/Associations meeting on 24 November. She will also be taking us through the stringent cybersecurity protections they have in place (such as us needing to change our password almost every time we log on to the portal!)
So that’s the info we have: no drama, more info to come 🙂
Your nerd chimes in
Hey, Josh here on the end of Sarah’s news because I wanted to chime in with a plea to all celebrants: one day soon, and maybe even sooner after this news, one of us is going to be on the news because we got hacked and we need to know how to lessen the risk of it happening.
The hypothetical news report will detail how all of the data on our local computers, in our emails, and our text messages were taken by a hacker. The celebrant’s clients’ passports, birth certificates, parents’ details (like the mother’s maiden name – that old security question), and our notes on the couples, like children’s and pets’ names, addresses, and love story details. Celebrants are hot fodder for identity thieves.
There was a time when locks and deadbolts were new technology and we had to learn how to use them to secure our offices, filing cabinets and homes. You now need to learn how to secure your computers, phones, and data stores. If you can’t put a hand on your heart and promise to your clients that their data in your NOIMs, marriage certificates, BDMs online, and emails are secure, then you need to figure out how.
The featured image for this story was generated by DALL-E AI with the prompt “photo of a computer hacker’s wedding” so that’s why it’s so creepy.