Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

MSD releases independent report into IT security breach
Posted on 2-Nov-2012 10:50. | Tags Filed under: News.



The Ministry of Social Development today released the independent report by Deloitte into the security breach of Work and Income kiosks.

Ministry of Social Development Chief Executfive Brendan Boyle says the report is damning around MSD’s failure to separate public kiosks from a network containing corporate files.

“However I am very pleased to report that there has not been a widespread privacy breach. Investigations have determined that there is no evidence that the Kiosk breach went beyond that of Keith Ng and his associate Ira Bailey.

“Both men have cooperated with the Deloitte investigation and with the Privacy Commissioner. They have handed the information over and promised they have not shared that information with anyone else.

“I’m sorry that this matter has created concern amongst people who have information stored with us. However, it is good that we are able to reassure people today,” said Brendan Boyle.

“The report found insufficient work was done by the Ministry to ensure appropriate security was placed around the protection of information at the time the kiosk infrastructure and services were designed and built.

“While independent testing done on the kiosks was sound, the Ministry’s response to the security issues identified was inadequate.

“The review found the Ministry’s response to the issues raised by Keith Ng and Ira Bailey was sound, prompt and considered.

“In terms of people’s privacy we are extremely fortunate that the risk of harm from this is extremely low because there were only two people who looked at a limited number of the invoices. Both men have returned all the information and assured us and the Privacy Commissioner that they have not distributed it to anyone else.

“Around 1,432 of the 7,300 odd items did contain some personal information such as a person’s name and/or date of birth and some description of the medical and legal services that were purchased.

“Of all the items downloaded the invoices relating to 10 individuals contained highly sensitive information.

“In the case of the eight children and two adults whose invoices contained highly sensitive information – we will be working on how best to respond to these individuals. This approach is in accordance with the Privacy Commissioner’s guidelines.

“In announcing the independent review I said that what had occurred was completely unacceptable and I continue to hold that view.

“The review finds security issues were identified and raised on a number of occasions, including by Dimension Data, but staff woefully under-estimated the risk of a malicious attack.

“In doing so they appear to have failed to take the necessary steps to ensure the Ministry safeguarded people’s personal information.

“I’m gutted and disappointed that we’ve let people down.

“Of particular concern is that risks and concerns which were identified do not appear to have been escalated to the right people.

“The Deloitte report confirms that staff members in leadership positions were not alerted to these issues and therefore had no opportunities to exercise appropriate judgement.

“The report makes it clear there were risk and governance processes in place, however these were not appropriately used.

“Questions must now be asked about the adequacy of these processes and whether this was an extraordinary series of events, or whether it raises broader issues about the appropriateness and effectiveness of the Ministry’s wider information systems security.

“This will all be considered in the second phase of the Deloitte independent review, which will include consideration of our policies, governance, capability and culture.

“This second phase review will be completed later this month.

“In the meantime I can confirm that at this stage four employment investigations are being undertaken by an independent barrister.

“These investigations need to run their course before I determine the next steps.

“I can assure people that the employment investigations will be thorough and people will be held to account for their conduct,” concluded Brendan Boyle.


Download: http://www.msd.govt.nz/documents/about-msd-an...
comments powered by Disqus


Trending now »

Hot discussions in our forums right now:

The world's biggest troll Steve Biddle turns 40
Created by scottjpalmer, last reply by allan on 4-Jul-2015 13:59 (108 replies)
Pages... 6 7 8


When are the new snap/2 degrees broadband plans coming out?
Created by Guv, last reply by eXDee on 1-Jul-2015 15:58 (21 replies)
Pages... 2


Ticketek Sort your website - Super15 Final, ticket sales & scalping
Created by keewee01, last reply by mudguard on 3-Jul-2015 15:24 (93 replies)
Pages... 5 6 7


FreeviewPlus has arrived and so has the aerialBox T2100
Created by joshhill96, last reply by joshhill96 on 2-Jul-2015 20:37 (37 replies)
Pages... 2 3


Any new RUM tool for NZ?
Created by pcmac, last reply by freitasm on 1-Jul-2015 21:48 (17 replies)
Pages... 2


Browser does not accept mime type error geekzone?
Created by gzt, last reply by gzt on 2-Jul-2015 21:57 (14 replies)

Vodafone Smart Prime - Some Questions
Created by StevieT, last reply by StevieT on 2-Jul-2015 19:18 (28 replies)
Pages... 2


is Windows Phone/Mobile doomed
Created by MikeB4, last reply by Wade on 1-Jul-2015 11:09 (85 replies)
Pages... 4 5 6