BreachExchange mailing list archives
Call for change following latest Govt privacy breach
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Sat, 20 Apr 2013 23:23:41 -0400
http://tvnz.co.nz/national-news/call-change-following-latest-govt-privacy-breach-5412122 An IT expert is calling for a change in government department culture following an IRD email glitch that may have sent private, tax-sensitive information to the wrong people. The glitch yesterday afternoon saw 47 people incorrectly sent 182 emails when the 'to' and 'from' lines on a small number of messages were automatically changed. The IRD has stopped all incoming and outgoing email while it investigates the cause of the glitch. Acting director Mike Hewetson said he could not rule out the possibility that tax-sensitive information was sent to the wrong people. "It's a range of the general emails that the organisation produces so some of those are personal and others of them would be private and others may contain tax sensitive information but at this stage we just don't know," he said. "We do take privacy and secrecy really seriously, we're obviously disappointed and we want to apologise." Institute of IT Professionals chief executive Paul Matthews says there needs to be a shift in culture within government departments. "What's got to change is the people, and the culture and the way they treat the confidential information," he said. "These sort of things undermine public confidence in the system, so they have to make absolutely sure they've got the systems and the processes and the technology in place to protect people's data." Matthews added that email is an insecure medium to send sensitive information. "You shouldn't be sending anything via email that you wouldn't put on the back of a postcard." The minister responsible for IRD, Peter Dunne, said he was disappointed with the situation but the department was making the privacy and secrecy of taxpayer information its top priority. It's the second time the department has been in the firing line. ONE News revealed figures in October showing the privacy of more than 6,000 New Zealanders had been breached by IRD in the past year. It also follows a number of other high profile government department privacy breaches, including EQC, Work and Income and ACC. It is not clear how long it will take to resolve the issue or when the department's emails will be running again, but Dunne said he was hopeful it would be sorted by Monday morning. IRD deals with more than 100,000 emails every day. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Call for change following latest Govt privacy breach Erica Absetz (Apr 22)