MSD privacy holes

Keith Ng followed a tip-off that parts of the Ministry of Social Development’s corporate network could be accessed from public computer kiosks in WINZ offices.

What he found wasn’t so much leaks as gaping holes.

This looks like more than a systems failure.

Any organisation which has private information ought to have someone who ensures that it is kept private and can’t be accessed accidentally or deliberately by anyone not authorised to it.

Ng is a freelance journalist and spent almost a week uncovering this huge security lapse. If you want to support his work you can make a donation here.

9 Responses to MSD privacy holes

  1. robertguyton says:

    Those booths were the brainchild of Paula Bennett, installed as part of National’s ‘cost-saving’ initiatives. That’s Minister Bennett, the same woman who just this weekend assured the nation that confidential information collected as part of her proposed Vulnerable Children programme would be ABSOLUTELY SAFE!

    What do you think about that, Ele?

    Like

  2. homepaddock says:

    An implementation problem doesn’t mean the policy was wrong. The MSD has responded correctly by closing the kiosks and giving an undertaking they won’t reopen “unless and until we can guarantee they are completely secure and we have obtained independent assurance from security experts.” : http://www.stuff.co.nz/technology/7815266/WINZ-kiosk-security-flaw-exposed

    That assurance must be given for the Vulnerable Children programme too.

    Like

  3. robertguyton says:

    It was given, Ele – on Saturday, before this utter stuff-up was exposed. Bennett asssured the country that she would guarantee the security of sensitive data. She couldn’t have chosen a worse time to claim that data is safe under her watch – it plainly is not at all safe.
    I wonder if she will have a brain-fade over all this and say she ‘doesn’t know’, or ‘can’t recall’ whether she made the claim or not and anyway, ‘who cares?’ *shrugs shoulders, looks into distance with Transrail eyes…
    This breach of confidentiality doesn’t, as you say, mean the policy is wrong, but it does mean National, especially Paula Bennett can’t be trusted to run it.

    Like

  4. homepaddock says:

    National doesn’t run this or any other policy – nor should they or any other party. Governments make policy, public servants implement it.

    Like

  5. robertguyton says:

    The Minister is accountable.
    Or perhaps under National this is no longer true?

    Like

  6. homepaddock says:

    Accountable yes, that’s why she’s demanding answers: http://www.beehive.govt.nz/release/work-and-income-security-breach

    Like

  7. Paul Walker says:

    At this point this looks more like a problem with the way MSD have set up their computer systems than a problem with government policy. But it does highlight the issue of how difficult it is to keep confidential information confidential and thus we must ask questions about the safety of any information that the government has on its citizens.

    Like

  8. robertguyton says:

    And if it’s shown that her department was seriously deficient under her management, she’ll resign.
    Go, Paula.

    Like

  9. jabba says:

    goodness, getting interesting as it seems Ira Bailey is involved .. wonder how this will play out

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: