Experts have raised security concerns that vulnerabilities in the Ministry of Business, Innovation and Employment’s half million-dollar website could lead to a possible Ashley Maddison-style hack.
That’s the view of Labour’s Economic Development spokesperson David Clark, who claims that the real issue is not what data is immediately available, but what connections this vulnerability opens up.
“Every security wall is critical,” Clark says. “Once behind the veil, hackers can explore connections to other Government held-data.
“MoBIE has trusted IT connections into other Government agencies. Once inside the security perimeter, a hacker may roam around and explore other vulnerabilities undetected.
“New Zealanders need confidence that the private data they share with IRD is protected. The reality is that the Government can no longer be as confident of this as it once was.”
The new website uses SSL3 encryption as was done in the failed Ashley Madison website.
For Clark, that does not inspire confidence.
“Questions must also be asked about this and similar vulnerabilities in other parts of the MoBIE IT infrastructure,” he adds.
“You would think $560,000 could buy a secure website. But as usual Steven Joyce’s MoBIE spend-ups raise more questions than answers. The Minister has failed to provide a detailed breakdown of his spend on the gold-plated site.”
According to Clark, this Government has form with privacy breaches including IRD, Winz and ACC.
“Skimping on security and pimping on bling sounds like another Ashley Madison tale,” Clark adds. “New Zealanders have the right to expect higher standards from a Government they entrust with their most valuable personal data.”
- Wynyard revenue rises as partner channels increase
- INSIGHT: Security in the Internet of Things age - Makers vs. Operators
- INSIGHT: Do CEOs understand information security risk?
- Govt launches Green Paper to explore digital convergence
- Lightbox CEO: Convergence Paper highlights opportunities for NZ
- Govt aims to help Māori Technology Scholarship boost sector
- New in the job? What Chief Information Security Officers need to know