Massive New Zealand Government Security Flaws Uncovered

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Blogger Keith Ng recently reported that public computer kiosks in New Zealand's Work and Income (WINZ) offices allowed access to a wide range of highly sensitive data.

"The kiosks were installed by Dimension Data, which earlier this year reportedly conducted an audit of the system," notes The Register's Richard Chirgwin.

"With minimal effort, the blogger was able to download approximately 7,000 emails; he estimates this to be about a quarter of the accessible data," The H Security reports. "Aside from the aforementioned information, he apparently also had access to configuration files of virtual machines deployed on the network."

"The files included the names of children currently in state care. ... He was also able to see children's medical records, legal bills and debt collector invoices," writes BBC News' Zoe Kleinman.

"Ministry officials said they had shut down all of the computer kiosks in its public offices and there was no evidence the network had been hacked," UPI reports. "'I apologize to everyone now,' Social Development Minister Paula Bennett told Radio New Zealand. 'I'm mortified that they had that level of trust in the ministry and at some level we've let them down.'"

"The New Zealand assistant privacy commissioner Katrine Evans said her office is very concerned about the breach and has already launched an investigation," writes iTnews.com.au's Juha Saarinen.