Govt orders computer security checks
Tue, 16 Oct 2012 5:24a.m.
By NZN / 3 News online staff
All Government agencies with computer systems that can be accessed by the public will be checked to make sure another privacy breach doesn't happen.
Prime Minister John Key says Work and Income's failure to protect sensitive information is being taken "very seriously".
Blogger Keith Ng said in his OnPoint blog on Monday night that Ira Bailey, one of the Uruwera 17, was the person who got in touch with him about the privacy breach in Work and Income's public computer kiosks.
Mr Ng blogged on Sunday he had easily accessed the information while using Work and Income's kiosks, which are intended to help people fill out forms.
It included details of children in care and up for adoption, foster parents, lists of people who owed the ministry money and the name of a person who had attempted suicide.
He handed it over to the privacy commissioner and sparked an immediate inquiry.
Mr Bailey originally faced firearms charges offences over alleged military-style camps in the Ureweras in 2007 but they were dropped when the Supreme Court ruled the charges weren't serious enough for illegally-obtained surveillance camera footage to be used in court.
Social Development Minister Paula Bennett says she's "appalled and mortified" by the breach.
Yesterday the Ministry of Social Development told media an IT firm it employed hadn't picked up the flaw in its system.
Today, it says the firm - Dimension Data - recommended it make changes to its security last year, and the department isn't confident it took the right actions in response.
"What we now need to work out is was it acted on," says Ms Bennett. "Obviously it wasn't well enough, otherwise we wouldn't be in this situation today."
Mr Key says it should never have happened.
"The chief executives of all agencies that interface with the public will be checking their systems," he said.
He also took a swipe at Mr Bailey, saying he went to Ng after the Government refused to pay him for the information.
"Obviously it would have better if the individual involved had told the Government, and not tried to charge the Government some sort of fee," says Mr Key.
"Let's put it in those terms, but he didn't, and goodness knows what he did with the blogger. I really don't know if he gave it to him or sold it."
Mr Ng denies MR Bailey was paid for the tipoff. In a blog entry last night, Mr Ng said it was "not unusual practice" for companies to offer rewards for finding security holes in their IT infrastructure.
"It's certainly not blackmail," wrote Mr Ng.
"Google and Facebook, for example, both pay for vulnerability reporting. It gives them a [sic] opportunity to close holes discretely, without causing embarrassment for their company… Asking to be compensated for his troubles is not unreasonable."
The 700 kiosks around the country were taken down and exposed servers were locked after Mr Ng's revelation.
Ms Bennett was unable to say whether the ministry would contact the affected clients, or whether they would receive an apology.
NZN / 3 News
Post a Comment
Before commenting, please take the time to read our moderation guide
(Won't be published)
16/10/2012 11:42:12 a.m.
old fella wrote:
same old national, sacked half the gov workers, give managers more pay and now look what has happend get rid of paula and that dotcom yes man.he thinks kiwies are stupid
16/10/2012 11:10:49 a.m.
@Dan: they changed things a while back to 'increase efficiency'... you don't have case workers any more (unless they changed it back while i wasn't looking), you get who you get at the time. the local WINZ office is also now appointment only... if you're in immediate trouble, you can't show up and wait until someone has time for you. if you turn up they'll make you an appointment and tell you to come back later. perfectly valid and reasonable in some, even most, cases, very much Not in others (they may have protocols for dealing with those truly urgent situations, mind you, but given the nature of WINZ staff it's a complete toss up as to whether such would be followed or you'd just be fobbed off.)
16/10/2012 10:29:07 a.m.
This guy should be paid something for identifiying this seriose breach/fault in the system. Or at least give him a job working in govt IT. He did this country a favour even tho some still have the heads stuck up their a-- to realise it. And yes Paula should step down, that would be the democratic thing to do. But this Govt realises now that most NZers are sheeple and it can do what ever it likes.
16/10/2012 9:41:02 a.m.
Thorough review of all systems public can access is a good necessary start, BUT I'm aware of problems coming from WINZ staff who access beneficiary details for other purposes, for example giving details to a mate who likes the look of a woman. I think the MSD chief executive needs firstly to admit that (1) virtually every employee can access anything s/he wants to, and (2) make citizens' files available only to senior managers and the person's particular caseworker. Dan.
16/10/2012 9:18:40 a.m.
Helen waite wrote:
@ Pondering: hhhmm WINZ are always on the backs of beneficiaries to "find ways to increase their income". Then they shoot this guy down for it. The MSD also falsely accused him to the media of attempting to black mail the ministry and demand money. Wrecking 10000s of kiddies lives versus inquiring about employment possibility and renumeration. My conscience knows which is the bigger crime. Does yours paula??
16/10/2012 9:16:08 a.m.
The mere fact that this man alerted winz to a problem with privacy and their reaction was to fob him off and do nothing about it,the kiosk's should have been shut down immediatley and security services alerted,regardless.This problem has been notified by other sources a year ago and nothing happened.Makes me wonder if someone in a shiny suit or tall heels had come into winz and told them of a security problem,would that have made them act straight away,probably and with a smile,also a 'we will look at that straight away,thank you for alerting us'
16/10/2012 9:04:05 a.m.
pc man wrote:
The best way to stop people seeing confidential information is to have a life-size cardboard cutout of Paula Bennett in front of each kiosk. That would cover up the screen and any info with space to spare.
16/10/2012 8:39:04 a.m.
@:Helen West. Yes. It is a person on limited income using initiative to garner some extra employment, experience and reference. He should be applauded. But like so many in his position trying to climb out of the mire, the MSD stomped on him.
16/10/2012 8:32:15 a.m.
jacqui scott wrote:
i am discussed with john keys attitude winz hold alot of sencertive information on me i tried all day yesterday to find out if my file could have been acsessed and now to find out 1 that it was a guy that had been accused of being a terrorist was the 1 to acsess the files is very scary and you knew about the breach i am also 1 of the people who sufferd from the acc breach come on keys get of the grass for gods sake start doing the right thing suprise us take some responsobility for a change
16/10/2012 8:22:38 a.m.
Helen West wrote:
Excuse me? WINZ will be paying very good money to find the fault in their computer system. There is NOTHING wrong with the whistleblower asking to be paid for his expertise!
Viewers overwhelming voted yes to decriminalising soft drugs during TV3's nation...
A petition boasting more than 37,000 signatures against the use of animal testin...
A report by New Zealand's police watchdog into the Urewera terror raids has foun...
Calls are growing for the Auckland Council to rethink its plans for more intensi...
The Nation reporter Torben Akel took a close look at her background and asked so...
Copyright © 2013 MediaWorks TV. All Rights Reserved.