[ISN] 'Staggering' security breach at Winz

From: InfoSec News <alerts_at_private>
Date: Mon, 15 Oct 2012 05:41:11 -0500 (CDT)
http://www.odt.co.nz/news/politics/230439/staggering-security-breach-winz

By Kate Shuttleworth
Otago Daily Times
15 Oct 2012

Thousands of files on the Ministry of Social Development's computer 
servers, including the personal details of at-risk children, have been 
accessed through a Wellington Work and Income jobseeker kiosk.

Journalist and blogger Keith Ng described how he went into a Work and 
Income (WINZ) office and used a self-service kiosk, normally used to 
look at job vacancies, to access up to 3500 files on the agency's 
server, "just using the Open File dialogue in Microsoft Office".

Mr Ng said the files were PDF copies of ministry files and he has posted 
screen shots of what he found online.

He said on Sunday night on Public Address he had managed to view an 
invoice to a community group who had supported a family after their 
family member attempted suicide,including the person's name, invoices 
relating to children in Child Youth and Family (CYF) care, including 
addresses, sensitive client case notes, the names of candidates for 
adoption and passwords in plain text.

Mr Ng said all information he had obtained would be handed to the 
Privacy Commissioner and he had sought advice from a media law expert 
prior to publication on the blog.

[...]


--
CISSP and CEH Live OnLine training with ExpandingSecurity.com is the fastest,
easiest way to master the relevant data you need now.  Sign up for the free
weekly PainPill and try a free class.  It is easy.
http://www.expandingsecurity.com/PainPill
Received on Mon Oct 15 2012 - 03:41:11 PDT

This archive was generated by hypermail 2.2.0 : Mon Oct 15 2012 - 03:36:45 PDT