Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

'Staggering' security breach at Winz

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 15 Oct 2012 05:41:11 -0500 (CDT)
http://www.odt.co.nz/news/politics/230439/staggering-security-breach-winz

By Kate Shuttleworth
Otago Daily Times
15 Oct 2012
Thousands of files on the Ministry of Social Development's computer servers, including the personal details of at-risk children, have been accessed through a Wellington Work and Income jobseeker kiosk.
Journalist and blogger Keith Ng described how he went into a Work and Income (WINZ) office and used a self-service kiosk, normally used to look at job vacancies, to access up to 3500 files on the agency's server, "just using the Open File dialogue in Microsoft Office".
Mr Ng said the files were PDF copies of ministry files and he has posted screen shots of what he found online.
He said on Sunday night on Public Address he had managed to view an invoice to a community group who had supported a family after their family member attempted suicide,including the person's name, invoices relating to children in Child Youth and Family (CYF) care, including addresses, sensitive client case notes, the names of candidates for adoption and passwords in plain text.
Mr Ng said all information he had obtained would be handed to the Privacy Commissioner and he had sought advice from a media law expert prior to publication on the blog. 

[...]


--
CISSP and CEH Live OnLine training with ExpandingSecurity.com is the fastest,
easiest way to master the relevant data you need now.  Sign up for the free
weekly PainPill and try a free class.  It is easy.
http://www.expandingsecurity.com/PainPill
Previous By Date Next
Previous By Thread Next

Current thread: