Security breach of central domain database investigated


The industry self-regulatory body for the '.au' domain, auDA, has terminated NetRegistry's appointment to host the AUNIC registry following reports of a security breach. The AUNIC registry is the central database of '.au' names, containing information about most second-level domain (2LD) names, including details of domain owners. NetRegistry had hosted the AUNIC service since May this year, after being awarded the contract by auDA.

Although auDA has not released exact details of the security breach, or the other matters leading to termination, reports allege that NetRegistry had been using the data in the database for commercial purposes, and that the names and contact details of hundreds of domain name owners had been publicly released. NetRegistry has been reported (Kate Mackenzie, "NetRegistry losses AUNIC", Australian IT, October 27 2001) as admitting to using the data in this way, arguing that this fell within its rights under its contract with auDA, but denying knowledge of the source of the leaked files.

auDA has ended NetRegistry's hosting agreement, emphasizing its policy of limiting bulk access to the AUNIC database in order to safeguard against unauthorized access and improper use of the system.

Optus is now hosting the AUNIC system, while auDA continues to investigate the breach.

Cheng Lim, Partner and Jennifer Hibbert, Mallesons Stephen Jaques, Melbourne
