Report damns ministry over security breaches

Four employment investigations are now underway, following damning report from Deloitte over Ministry of Social Development kiosk security failure

The Ministry of Social Development (MSD) has today released a "damning" report which shows its responses to serious security breaches have been inadequate. Four employment investigations are now underway. The report, conducted by Deloitte, was commissioned after blogger Keith Ng discovered the ministry's secure servers were accessible through public kiosks in Work and Income offices. At the time it was revealed an independent report highlighted the risk with the kiosks in April last year and a beneficiary advocate had raised concerns last November. The report out today shows the Dimension Data report in April 2011 "clearly highlighted security issues that needed to be addressed including the lack of network separation". "These findings were not appropriately followed up, addressed or escalated for management visibility and action which meant that the risks remained substantially unaddressed." The significance of the risks was underestimated by the project team responsible for the kiosks and the ministry's information technology security team, the report found. Ng, and associate Ira Bailey who alerted him to the breach, assisted with the report.They handed over 7307 items downloaded from two kiosks. More than 1430 of the items contained personal information, including "highly sensitive information" of 10 people. The ministry had already begun contacting those affected. Among the items accessed 533 were Christchurch Earthquake Recovery Authority invoices. MSD chief executive Brendan Boyle said he was "gutted and disappointed" the agency had let people down. "The report is damning around MSD's failure to separate public kiosks from a network containing corporate files." A second Deloitte report would look at broader issues about the security of the ministry's information systems and the culture within the organisation. That review was due to be completed later this month. Meanwhile, a barrister was conducting four employment investigations. "I can assure people that the employment investigations will be thorough and people will be held to account for their conduct," Boyle said.

Join the newsletter!

Error: Please check your email address.
Show Comments

Market Place

[]