The incompetence of Paula Bennett’s Ministry of Social development is truly unbelievable. They left confidential information accessible from public kiosks. It came out early on that they were warned of the vulnerability in July last year by a beneficiary advocate – and they did nothing. Yesterday it emerged that they were also warned by an IT company – and they did nothing!
IT firm warned WINZ of kiosk issues last year
The Ministry of Social Development was warned by an IT company last year that private client information could be accessed on its public computer kiosks.
But the system flaws are only being fixed now – a year-and-a-half later – after blogger Keith Ng accessed tens of thousands of confidential documents.
In April last year security experts from leading international IT company Dimension Data were contracted to hack Work and Income kiosks to find vulnerabilities in the system. Yesterday the Ministry of Social Development CEO said the company didn’t find anything wrong, and today the story changed.
“Dimension Data raised issues with MSD, MSD paid them $10,000 to do that and then did nothing to follow up the problems they identified,” says Labour social development spokeswoman Jacinda Ardern.
Then of course, there was the third warning from Ira Biley. He approached the MSD, and requested a reward for his information (much like Dimension Data was paid 10K). When this was declined he tipped off Keith Ng, and the rest is history. Naturally the Nats (and their odious proxies), looking for any kind of distraction, have attacked him. Continuing the piece above:
Ms Bennett and her staff have been accused of intentionally leaking Urewera 17 member Ira Bailey’s name to the media. He tipped Mr Ng off, having failed to get money from the Ministry of Social Development for pointing out the system flaws.
“He was asking for a reward – I believe that was the word that was used – so you can sort of take from that what you want to,” Ms Bennett says.
Ms Bennett says … no one was under any obligation to keep Mr Bailey’s name secret But the Opposition will keep asking for an investigation into what it believes was a revenge leak.
Earlier this year the Privacy Commissioner concluded that Paula Bennett broke the law in leaking the private details of two beneficiaries. Bennett refused to accept the conclusion, and said that she could leak details again in the future. Sure enough she appears to have done so again. Naturally Key (who joined in the attack) will not hold her to account. So (in Bennett’s own words eh) you can sort of take from that what you want to…