Gordon Campbell | Parliament TV | Parliament Today | News Video | Crime | Employers | Housing | Immigration | Legal | Local Govt. | Maori | Welfare | Unions | Youth | Search

 

MSD releases independent report into IT security breach

MSD releases independent report into IT security breach and confirms no widespread privacy breach

02 November 2012.

The Ministry of Social Development today released the independent report by Deloitte into the security breach of Work and Income kiosks.

Ministry of Social Development Chief Executfive Brendan Boyle says the report is damning around MSD’s failure to separate public kiosks from a network containing corporate files.

“However I am very pleased to report that there has not been a widespread privacy breach. Investigations have determined that there is no evidence that the Kiosk breach went beyond that of Keith Ng and his associate Ira Bailey.

“Both men have cooperated with the Deloitte investigation and with the Privacy Commissioner. They have handed the information over and promised they have not shared that information with anyone else.

“I’m sorry that this matter has created concern amongst people who have information stored with us. However, it is good that we are able to reassure people today,” said Brendan Boyle.

“The report found insufficient work was done by the Ministry to ensure appropriate security was placed around the protection of information at the time the kiosk infrastructure and services were designed and built.

“While independent testing done on the kiosks was sound, the Ministry’s response to the security issues identified was inadequate.

“The review found the Ministry’s response to the issues raised by Keith Ng and Ira Bailey was sound, prompt and considered.

“In terms of people’s privacy we are extremely fortunate that the risk of harm from this is extremely low because there were only two people who looked at a limited number of the invoices. Both men have returned all the information and assured us and the Privacy Commissioner that they have not distributed it to anyone else.

“Around 1,432 of the 7,300 odd items did contain some personal information such as a person’s name and/or date of birth and some description of the medical and legal services that were purchased.

“Of all the items downloaded the invoices relating to 10 individuals contained highly sensitive information.

“In the case of the eight children and two adults whose invoices contained highly sensitive information – we will be working on how best to respond to these individuals. This approach is in accordance with the Privacy Commissioner’s guidelines.

“In announcing the independent review I said that what had occurred was completely unacceptable and I continue to hold that view.

“The review finds security issues were identified and raised on a number of occasions, including by Dimension Data, but staff woefully under-estimated the risk of a malicious attack.

“In doing so they appear to have failed to take the necessary steps to ensure the Ministry safeguarded people’s personal information.

“I’m gutted and disappointed that we’ve let people down.

“Of particular concern is that risks and concerns which were identified do not appear to have been escalated to the right people.

“The Deloitte report confirms that staff members in leadership positions were not alerted to these issues and therefore had no opportunities to exercise appropriate judgement.

“The report makes it clear there were risk and governance processes in place, however these were not appropriately used.

“Questions must now be asked about the adequacy of these processes and whether this was an extraordinary series of events, or whether it raises broader issues about the appropriateness and effectiveness of the Ministry’s wider information systems security.

“This will all be considered in the second phase of the Deloitte independent review, which will include consideration of our policies, governance, capability and culture.

“This second phase review will be completed later this month.

“In the meantime I can confirm that at this stage four employment investigations are being undertaken by an independent barrister.

“These investigations need to run their course before I determine the next steps.

“I can assure people that the employment investigations will be thorough and people will be held to account for their conduct,” concluded Brendan Boyle.

Read the Independent Review of Information Systems Security - Deloitte (PDF 569.44KB)

Factsheet: Privacy Process following Work and Income Kiosk Security Breach

ENDS

Scoop copy of report: independentreviewdeloitte.pdf

Factsheet below

--

Privacy Process following Work and Income Kiosk Security Breach

Introduction

The Ministry of Social Development has completed a thorough investigation into private information which was recently accessed at two Work and Income kiosks in Wellington.

The Ministry understands that the public is concerned by this breach and that some MSD clients will have questions around whether their information was accessed.

In terms of peoples’ privacy we are extremely fortunate that the risk of harm from this is extremely low because there were only two people who looked at a limited number of the invoices. Both men returned all the information and have not distributed it to anyone else.

Around 1,432 items did contain some personal information such as a person’s name and or date of birth and some description of the medical or legal services that were purchased.

Of all the items downloaded the invoices relating to 10 individuals contained highly sensitive information.

In the case of these 10 people we will be talking with the professionals who work with them to see if they should be informed and if so, how best to do this.

This approach is in accordance with the Privacy Commissioner’s guidelines.

What happened?

On Monday the 15th of October the Ministry of Social Development received a USB containing 7,307 items downloaded from two kiosks.

A team led by the Ministry’s Chief Legal Advisor then put in an intensive effort to analyse these items and categorise them based on the amount of personal information contained in them, and the sensitivity of that information.

What did this team find?

Information on the USB related to corporate data. Most were invoices with no client details. However as outlined above around 1,432 items did contain some personal information.

Of all these items, invoices relating to10 individuals contained highly sensitive information.

Was there a privacy breach?

Yes, in the sense that two individuals accessed people’s information that was of a personal nature.

In the majority of cases, we have assessed the impact of the breach to be low as Keith Ng and Ira Bailey have assured us that the information was not further distributed and they have not retained copies.

In the case of the eight children and two adults whose invoices contained highly sensitive information – we will be working on how best to respond to these individuals. This approach is in accordance with the Privacy Commissioner’s guidelines.

Privacy Commissioner's Guidelines

Will you be contacting other people affected by this breach?

We have, already begun contacting people who have approached the Ministry to ask if their details were accessed.

We will not be making contact with anyone else who had some or part of their information downloaded. Their information was not widely distributed meaning any risk to them is low.

What CERA information has been accessed?

Of the 7307 items downloaded this included 533 CERA invoices. CERA will determine the level of harm or risk and decide whether those suppliers / individuals need to be contacted.

What if my information has been accessed?

Anyone who is concerned that their information has been accessed can contact the Ministry of Social Development on 0800 559 009.

The Privacy Act allows anyone who feels they may be affected by a privacy breach to make a complaint to the Privacy Commissioner.


ENDS


© Scoop Media

 
 
 
Parliament Headlines | Politics Headlines | Regional Headlines

Covid-19: Dissolution Of Parliament Delayed As Govt Hunts Source Of New infections


The dissolution of Parliament has been deferred by at a least a few days due to the new covid-19 cases, Prime Minister Jacinda Ardern said.
This was in case Parliament had to be reconvened as more information came to light, Ardern said at a briefing on the three-day level 3 lockdown in Auckland and level 2 alert for the rest of the country.
A decision about the dissolution of Parliament and any flow on effects for the timing of the election would be considered on Monday, Ardern said... More>>

 

Government: Plan To Tackle Problem Plastics

Following the success of the phase out of single-use plastic shopping bags, the Government now has plans to phase out more single-use and problem plastics to reduce waste and protect the environment announced Associate Minister for the Environment ... More>>

ALSO:

Gordon Campbell: On The New Lockdowns, Leadership And Lebanon

As Melbourne has shown, the webs of urban life overlap so extensively that community transmission can be very hard to trace, let alone control. Each of the family members in the South Auckland family at the centre of the current outbreak will have had ... More>>


ALSO:

National: Emma Mellow As Auckland Central Candidate

Tonight the National Party has selected Emma Mellow to stand in the Auckland Central electorate for the 2020 General Election. Emma Mellow replaces retiring MP Nikki Kaye who first won the seat from Labour in 2008. Emma leads a team of communications ... More>>

ALSO:

Travel: Update On New Zealand And The Cook Islands Bubble

The Prime Minister of New Zealand Jacinda Ardern and the Prime Minister of the Cook Islands Henry Puna have welcomed the completion of phase one in the establishment of a travel bubble between New Zealand and the Cook Island. More>>

Election 2020: Labour Launch

E ngā mana e ngā reo Ngāti whātua ngā mana whenua o Tāmaki Makaurau, e tika te kōrero Ehara taku toa he toa (taki tahi) he toa (taki tini) No rēira tātou e huihui mai nei, ka ‘Hoake tonu tātou’ Thank you for that welcome. And thank ... More>>

Gordon Campbell: On Political Twins, And On Labour Extending Its Wage Subsidy Scheme

A quick quiz for the weekend. Which political party currently represented in Parliament issued a press release yesterday that contained these stirring passages: “[We have] long supported a free trade and free movement area between Canada, Australia, New ... More>>

ALSO:


Covid-19: Poll On Management Approval

New Zealanders’ overall trust in the Ministry of Health and Government to manage the COVID-19 pandemic is at 82%, down from 91% during April. Overall distrust that the Ministry and Government will manage it in ways which best protect themselves More>>

Election 2020: National Releases 2020 Party List

National’s 2020 Party List is a strong mix of experience coming up through our Caucus, and new and exciting talent joining our team from communities across New Zealand, Party President Peter Goodfellow says. “The National Party is incredibly ... More>>

Horizon Research Limited: How Judith Collins Stopped The Bleeding

Horizon Research includes questions on voting from time to time in its surveys – for both forthcoming referenda and general elections. More>>

Your Vote 2020: Bringing Election Coverage To Viewers Across TVNZ Channels And Platforms

As New Zealand gets ready to head to the ballot box this September, 1 NEWS is bringing voters comprehensive coverage and analysis of this year’s General Election. TVNZ’s coverage will draw on the depth of experience held across the 1 NEWS team, says Graeme ... More>>

Economy: 30% Believe Households Worse Off, 298,000 Expect To Lose Jobs

64% of New Zealanders feel the economic position of their households is the same or better than a year ago – and 30% think it is worse or much worse, while 298,000 think they will lose their jobs in the next 12 months. Households’ perceptions ... More>>

State Services Commission: Findings Of Investigation Into COVID-19 Active Cases Privacy Breach

Deputy State Services Commissioner Helene Quilter has today announced the findings of an investigation into a breach of privacy regarding sensitive personal information. The investigation looked into who or what caused the disclosure of the information, ... More>>

International Security: New Zealand Suspends Extradition Treaty With Hong Kong

The New Zealand Government has suspended its extradition treaty with Hong Kong and made a number of other changes in light of China’s decision to pass a national security law for Hong Kong, Foreign Affairs Minister Winston Peters says. More>>

ALSO:


 
 
 
 
 
 

LATEST HEADLINES

  • PARLIAMENT
  • POLITICS
  • REGIONAL
 


 

InfoPages News Channels