KiwiRail negligence left a test website open to the public where it was possible to book train and ferry tickets for free, prompting the Labour Party to slam the Government’s “amateur” cyber security defences.
After leaving its test website open to anyone growing on the internet, the error made it possible to make legitimate bookings on ferries and trains with a fake credit card number.
“It is remarkably easy for anyone with good technical knowledge to use the site to make free bookings,” says Clare Curran, Open Government spokesperson, Labour.
“Basically KiwiRail left a hole in its security so big you could drive a train through it.
“What makes matters worse is after I was contacted by a whistleblower I alerted KiwiRail who took 16 days to fix it. It is still unclear if the issues have been fixed.”
Curran says that while National says cyber security is extremely important, that message “clearly isn’t getting through to agencies”.
“The Government has to get into the 21st Century and secure its websites,” Curran adds.
“Amy Adams launched a computer emergency response team (CERT) to great fanfare late last year to help protect the public and businesses online.
“It’s extremely embarrassing that its government agencies need that team more than anyone.”
- Kiwis “chomping at the bit” as UFB connections accelerate by 135 percent
- Access for 280,000 Kiwi households and businesses as rural broadband rollout gathers pace
- Is NZ a risky place to do business?
- NZ first as new cyber insurance platform targets Kiwi SMEs
- Tech takes centre stage as Labour unveils “10 big ideas” to shape policy development