http://www.odt.co.nz/news/politics/230439/staggering-security-breach-winz By Kate Shuttleworth Otago Daily Times 15 Oct 2012 Thousands of files on the Ministry of Social Development's computer servers, including the personal details of at-risk children, have been accessed through a Wellington Work and Income jobseeker kiosk. Journalist and blogger Keith Ng described how he went into a Work and Income (WINZ) office and used a self-service kiosk, normally used to look at job vacancies, to access up to 3500 files on the agency's server, "just using the Open File dialogue in Microsoft Office". Mr Ng said the files were PDF copies of ministry files and he has posted screen shots of what he found online. He said on Sunday night on Public Address he had managed to view an invoice to a community group who had supported a family after their family member attempted suicide,including the person's name, invoices relating to children in Child Youth and Family (CYF) care, including addresses, sensitive client case notes, the names of candidates for adoption and passwords in plain text. Mr Ng said all information he had obtained would be handed to the Privacy Commissioner and he had sought advice from a media law expert prior to publication on the blog. [...] -- CISSP and CEH Live OnLine training with ExpandingSecurity.com is the fastest, easiest way to master the relevant data you need now. Sign up for the free weekly PainPill and try a free class. It is easy. http://www.expandingsecurity.com/PainPillReceived on Mon Oct 15 2012 - 03:41:11 PDT
This archive was generated by hypermail 2.2.0 : Mon Oct 15 2012 - 03:36:45 PDT