15 October 2012
We were contacted late yesterday afternoon by the blogger who has broken the story about the security breach at Ministry of Social Development's Work and Income kiosks. It appears that some types of personal data, and other confidential data, could be accessed through the kiosks with relative ease.
Most of the data that we know about so far involves invoices and file server logs. We do not have evidence that the Ministry's client databases have been compromised, though obviously this is something we will be looking very closely at.
Our first priority was to make sure that the kiosks were closed so that no further information could be accessed. We spoke to the Ministry yesterday evening and got assurances that the kiosks would be closed before the service centres opened this morning.
Secondly, we wanted to make sure that the information that had been downloaded was returned to us so that people did not need to be worried about its security. The blogger has given us the information this morning. He has not kept copies.
We are very concerned about this security breach and we are investigating what happened. Protecting personal information is a cornerstone of public trust in both government and business, particularly in the digital environment - and this is one of several recent incidents that show that agencies need to up their game.
The Ministry has advised us that people who are concerned are welcome to ring them on: 0800 559 009.