I am sure that after the recent news regarding the Hon Murray McCully’s email account at xtra being hacked will have many people concerned with internet service providers’  security. The essence of this particular event is; McCully was able to redirect (at least some of) his parliamentary email to his electoral account. This redirection was probably done to facilitate some event or action.  However, the possible long term consequences this action don’t seem to have been considered. The xtra account was apparently more exposed than the parliamentary one and hence had less protection (McCully’s official contact page lists several contact accounts) so guessing the password will have been a matter of time. Note that this type of activity is an offence under the Crimes Act.

If you are redirecting corporate email to an external service be very very sure that you are staying within policy and contractual obligations. Generally the highest data classification (e.g. confidential, sensitive or personally identifiable information) will apply to an email account if it contains or is likely to contain such content. This way the risk of unauthorised disclosure is minimised and should keep away situations like the one McCully now finds himself in. He will now spend many hours in damage control probably far more time than the time that he would have saved by not redirecting his email.