Back in October, we learned that the Internet kiosks from the New Zealand Work and Income (WINZ) office exposed sensitive information stored on the agency’s networks. At the time, an investigation was launched into the issue and Deloitte was called in to make reports on the privacy breach.
The second report issued by Deloitte has revealed the primary causes of the breach were that security was not adequately designed into the kiosk project, and the exposures identified by the penetration testing were not adequately escalated.
On the bright side, the report has found that these issues are not widespread across the Social Development Ministry.
“Deloitte has found that we need to improve our policies and processes to ensure that information security risks are escalated to the right level in all cases. We also need to make explicit that information systems security is a critical part of all our IT projects and is an integral part of everyday business,” Ministry of Social Development Chief Executive Brendan Boyle said.
The two reports cost a total of $450,000 (365,000 EUR), NewsTalkZB informs.
Officials defended the large costs by saying that they wanted to offer the public some assurance as quickly as possible.