BreachExchange mailing list archives
'Staggering' security breach at Winz
From: security curmudgeon <jericho () attrition org>
Date: Mon, 15 Oct 2012 11:34:42 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.odt.co.nz/news/politics/230439/staggering-security-breach-winz By Kate Shuttleworth Otago Daily Times 15 Oct 2012 Thousands of files on the Ministry of Social Development's computer servers, including the personal details of at-risk children, have been accessed through a Wellington Work and Income jobseeker kiosk. Journalist and blogger Keith Ng described how he went into a Work and Income (WINZ) office and used a self-service kiosk, normally used to look at job vacancies, to access up to 3500 files on the agency's server, "just using the Open File dialogue in Microsoft Office". Mr Ng said the files were PDF copies of ministry files and he has posted screen shots of what he found online. He said on Sunday night on Public Address he had managed to view an invoice to a community group who had supported a family after their family member attempted suicide,including the person's name, invoices relating to children in Child Youth and Family (CYF) care, including addresses, sensitive client case notes, the names of candidates for adoption and passwords in plain text. Mr Ng said all information he had obtained would be handed to the Privacy Commissioner and he had sought advice from a media law expert prior to publication on the blog. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- 'Staggering' security breach at Winz security curmudgeon (Oct 15)