14 DAY TRIAL // In order to provide online access for those in search of a job, the New Zealand Work and Income (WINZ) office has set up some Internet kiosks. The problem is that these kiosks have been found to expose the information stored on the agency's networks.
After being told of the issue, journalist Keith Ng went to check out the machines for himself. He found that the file manager was disabled to prevent users from “poking around.”
However, that’s not enough to really stop someone from accessing a computer’s hard drive. Ng found that the task could be easily performed by opening the Open File window in one of the Microsoft Office applications installed on the computers.
Normally, there shouldn’t be much information stored on Internet kiosks, but in this case, the devices were connected to the WINZ’s internal networks.
“This basically means you can grab any file that wasn’t bolted down on the network, while standing in the middle of a WINZ office,” Ng explained.
He found information on contractors, doctors, debt collection, fraud investigation and much more. Bills, invoices and even passwords were freely available for anyone who knew how to snoop around.
After learning of the incident, cabinet minister for social development and employment, Paula Bennett, apologized to New Zealand citizens and admitted that “significant mistakes were made.”
On the other hand, Chief Executive of the Ministry of Social Development, Brendan Boyle, admitted that someone had alerted them to the issue last week, but claimed that they didn’t take any action because the individual didn’t provide any details, SC Magazine reports.
Also, the informant hoped to get a reward for notifying authorities on the issue, but according to ministry representatives, that was out of the question.
It’s believed that this informant is the same one that tipped off the journalist.
In the meantime, the kiosks have been taken offline.