AAMI pulls online quote system over security scare
Suncorp has removed a trial online quote system for home and contents cover amid fears it could double as a burglar’s roadmap.
The group’s AAMI brand was warned via Twitter that the system exposed details about individual premises, such as whether or not they have deadlocks, key-operated locks on windows, burglar alarms and smoke detectors.
This was available to anyone who entered the address of a property already on AAMI’s records.
Melbourne-based computer expert Pratik Khasnabis flagged the issue, tweeting: “You have a potential privacy issue. If you do a home insurance quote… with an address that is in DB it spits out details of the home including security details like alarms, locks etc.”
AAMI responded: “Thanks for bringing this to our attention. We’ve escalated this issue as critical priority.”
A spokesman told insuranceNEWS.com.au that Suncorp has suspended the quoting system.
“The trial recently began on the AAMI and Suncorp Insurance websites to make it easy for customers to obtain a quote. Some of the questions had been pre-populated based on building records, or on a suburb or area, to remove customer confusion.”
The spokesman says the answers provided related to a building and did not contain personally identifiable information, but the system is under review.
IT security expert Troy Hunt – a Microsoft Regional Director – told insuranceNEWS.com.au AAMI’s quick response was “good”, but the system perhaps should not have been live.
“They really need to think about how much information they should be disclosing to unidentified parties,” he said. “Clearly in this case, telling people who don’t own a property detailed information was too much.”