The Prime Minister of New Zealand has called for a public enquiry into a serious information security breach that was exposed this weekend.
The breach concerned self-service kiosks based in the offices of the government’s Work and Income department (WINZ), which were free to use for job seekers. According to blogger Keith Ng, anyone using these kiosks could bypass network security by simply using Microsoft Word to open a document.
Ng found that he could use this technique to access data on the Ministry of Social Development’s network, including the names and addresses of children living in care, details of the drugs they were prescribed and records of their legal affairs.
Interesting Links
Also accessible were the details of people the department is investigating for fraud, and who owe the department money.
"This stuff was all a few clicks away at any WINZ kiosk, anywhere in the country," Ng wrote. "The privacy breach is massive, and the safety of vulnerable children was put at risk."
The kiosks were closed following Ng’s report, which was prompted by a tip-off from a member of the public.
Today, Prime Minster John Key called for a "government-wide" review of online information following the breach, the New Zealand Herald reports. The paper says that Key described the Ministry’s IT systems as "quite old and quite clunky", despite the kiosk system being less than two years old.
"Any time we have an episode like this, it has the capacity for very serious damage to trust in government and in business," said New Zealand’s assistant privacy commissioner Katrine Evans. "I think people are waking up to the fact that protection of personal information is one of the foundation stones."