17 Oct 2012

MSD security flaw probably found last year - Bennett

5:17 am on 17 October 2012

Social Development Minister Paula Bennett says is likely a flaw in her ministry's computer systems was actually uncovered in a review last year.

The Ministry of Social Development has appointed Deloittes to investigate how private information was accessed through public computer kiosks in Work and Income offices, while the Government's chief information officer Colin MacDonald is to consider whether any similar security gaps are present at any other state agency.

Sensitive information was accessed through the public kiosks by IT analyst Ira Bailey. Blogger Keith Ng, who was also able to get sensitive data through a kiosk set up for job seekers, went public with the security breach.

Information about children in the care of Child, Youth and Family, beneficiaries, and contractors employed by the ministry has been freely accessible.

On Monday, the ministry said an investigation by Dimension Data in April last year did not discover the weakness.

However, on Tuesday the ministry admitted that an investigation by the company did identify flaws in the system at that time. It says it is not confident that the right actions were taken after that report in response to its recommendations on security.

Mrs Bennett says it looks like the same weakness made public this week.

"They had identified a flaw. I think its our responsibility now to find out if had been followed up appropriately. You have to just say, by what we're dealing with in the last few days, they haven't been."

Security of child database 'crucial'

Earlier, Paula Bennett told Radio New Zealand's Morning Report programme an expert panel is working on a database for vulnerable children to ensure its security.

As part of its plan to tackle child abuse, the Government on 11 October announced it would set up a database of all at-risk children allowing agencies, social workers, schools and health professionals to share information.

Mrs Bennett has said she has always known the integrity of that abuse database is critical, and the panel is making sure they get it absolutely right.

Green Party technology spokesperson Gareth Hughes told Morning Report it is incredible there could be such a massive breach of a system that is only two years old.

Mr Hughes says the system was designed in-house, obviously as a way to save money, and a key question for the review is whether cheapest is always best.

The kiosks were set up two years ago to allow Work and Income clients to search job listings, create CVs, apply for jobs and make appointments. They have now been closed.