• Full Story

Answer on WINZ privacy failure within fortnight

Email
Print

Answer on WINZ flaw within fortnight

3News NZ

(file)

(file)

Answers about why a major security flaw in Work and Income's public computer system wasn't fixed 18 months ago will be known within two weeks.

The Ministry of Social Development (MSD) has released the terms of reference for a review of the flaw, to be carried out by Deloitte chairman Murray Jack.

MSD took down its 700 public kiosks on Sunday after blogger Keith Ng revealed the computers could be used to access sensitive data on the agency's server, including details of children in care and up for adoption, foster parents, lists of ministry debtors and the name of a person who had attempted suicide.

Security company Dimension Data identified the flaw in April last year, but MSD apparently failed to act on its recommendations.

The first phase of the review will focus on the establishment and operation of the computer kiosks, including what work was done to ensure appropriate information security was put in place when they were designed and built.

It will also look at the independent testing of that security, and the ministry's response to any security issues that were identified.

Previous concerns raised about the security of the kiosks, and how MSD responded, along with its response to Mr Ng's revelations, will also be reviewed.

Mr Jack will report back within two weeks.

He will also review the ministry's wider information systems security, particularly its publicly-accessible systems, and make recommendations about what changes are needed.

MSD says both reports will be made available to the public.

All government agencies with public computers are now checking their systems to ensure they don't have the same issue, while the Privacy Commissioner may also investigate.

State Services Commissioner Iain Rennie has also asked the government's Chief Information Officer Colin McDonald to carry out an urgent review of all of the state sector's publicly-accessible systems.

NZN

Post a Comment

Before commenting, please take the time to read our moderation guide


(Won't be published)



Comments

17/10/2012 9:15:59 p.m.

One of the little people wrote:

Let me guess, the inquiry will find that some lowly manager in WINZ is responsible, and minister Bennett won't be able to remember a single thing. She and her Government can then merrily continue slashing funds and running govt departments into the ground. She's only highly paid ministers, after all, and she and her colleagues can't be expected to read the things they sign, nor be responsible for the ministries they head. Accountability is for the little people.

17/10/2012 8:25:05 p.m.

Jim Seaview wrote:

QUOTE: "Security company Dimension Data identified the flaw in April last year, but MSD apparently failed to act on its recommendations" READ the above Quote - this whole saga could have been avoided in APRIL 2011 if someone from the MSD Management had listened to Security company Dimension Data when they identified the flaw and actually did something to fix the flaw. This whole breach of client details security was PREVENTABLE. It was MSD Management not treating the flaw found with the seriousness it deserved and then they FAILED to do anything. We will put this into the TOO HARD BASKET!!! Now it has been decided that this is an IT error (not an operational error) and the Government has now decided to waste more tax payers money by asking State Services Commissioner Chief Information Officer Colin McDonald to carry out an urgent review of all of the state sector's publicly-accessible systems. They are on the WRONG path again!!!! Yes all funded by the hard working, overtaxed, overRated, diligent struggling taxpayer who really deserve better value from their hard earned tax dollar.

17/10/2012 7:12:24 p.m.

alison wrote:

This govt is stumbling from one disaster to another. When will enough be enough. Kim Dotcom saga still not resolved, Acc breaches ongoing, Charter schools forced upon us and Novopay whom Hekia says is sorted, but we know its not, so still ongoing, Asset sales key says is resolved and heading to court, Foreign affairs screw up, we can assume is still ongoing as we see no one there for our kiwis when in need whilst travelling to some places, Winz stuff ups on such a grand scale that its the biggest in nz ever and put thousands at risk, Poverty and abuse statistics no longer recorded and funding stopped, and thats just the tip of the iceberg. The banks saga ongoing, dodgy financial figures, racism, the lies, secret handshakes, law changes to order. How about the photo shoots and using the police for private uses, the handshake with ritchie mcaw, the letterman show, bashing beneficiaries, the movie trip. How is this a brighter future for anyone other than a national politician? Even national party members are finding it hard to understand what has happened? Where is our governor general and why is he so quiet? I agree Annie there is no reason in this national logic. I am indeed starting to think we are run by a pack of raving lunatics.

17/10/2012 4:54:36 p.m.

pain for no gain wrote:

So was it really a good idea to cut all those back office public service jobs, eh Mr Key??? Maybe those public servants - like myself - were actually providing a useful service and not just "costing" as has been the mantra since National have been in power. National have only themselves to blame for this disgusting mess, and now it will COST to try and fix it. FALSE ECONOMY Mr KEY - back to school for you.

17/10/2012 4:34:53 p.m.

Annie wrote:

How many more muck-ups will there be in this govt. ministry before the PM stands the minister down and promotes somebody more competent? I watched Parliament and thought both yesterday and today the minister was in fairy land with her answers. I've heard her preach to others: "Take responsibility"