The State Services Commission has ordered an urgent review of publicly-accessible computer systems operated by government departments following the Work and Income kiosk security failure.
This comes as the Social Development Ministry admits it knew but failed to fix a flaw in the Winz computer system that left thousands of private details exposed.
Head of State Services Iain Rennie has told the Government Chief Information Office to undertake the review.
"The Work and Income kiosk security failure has been a serious breach of the trust that New Zealanders place in their government," Rennie said in a statement tonight.
"It is imperative that government takes the lead to ensure the public and in repairing the damage that has been done to this trust."
As GCIO and Chief Executive of the Department of Internal Affairs, Colin McDonald will be contacting government agencies in the first instance to seek assurances that their current systems are robust, Rennie said.
The GCIO will lead Public Service agencies in evaluating and strengthening their ICT security measures to ensure there are no systemic faults that could cause additional security issues, he said.
Ministry admits failing to fix computers
The Minister of Social development in charge, Paula Bennett, has admitted officials were warned about the problem 18 months ago.
But now she has been drawn into a privacy debate of her own.
It is now known that for 18 months Government officials knew the computer kiosks in Winz offices exposed thousands of private details.
But it appears they ignored an IT company's warning.
"They had identified a flaw," Bennett said today.
"I think it's our responsibility now to find out if it had been followed up appropriately. And I mean you have to just say by what we're dealing with in the last few days, they haven't been."
After a previous warning about their security, Dimension Data was called in to test the kiosks in April last year.
Yesterday, the Ministry of Social Development blamed Dimension Data for failing to find this fault.
MSD Chief Executive Brendan Boyle yesterday said Dimension Data had not found the problem.
In fact, Dimension Data found exactly the same flaw that allowed a blogger to access, among other details, Work and Income's names of people who have tried to commit suicide and addresses of Child Youth and Family safe houses.
Now a source has told ONE News the ministry's failure to fix the fault appears to be "gross negligence".
What's more, the Minister admits that unless people come forward, no one will ever know who else looked at the private files.
"We have no way of tracing what people have been doing on the kiosks," Bennett said.
Ministry accused of leaking source
But now it's not just the ministry's regard for privacy that is being called into question but also the Minister's. There are accusations that either her office or the ministry leaked the name of Ira Bailey, the man at the centre of this saga.
Overnight, media learned that Bailey was the man who tipped off the blogger, Keith Ng, about the flaw after first asking the ministry for a reward for helping to fix it.
Bailey is one of the 17 originally rounded up in the Urewera terrorism raids, but charges against him were dropped.
Green Party Co-leader Metiria Turei asked Bennett in Parliament today did she or any of her staff have any involvement in the leak of Bailey's name to the media?
"Not to my knowledge, no," Bennett replied.
Bennett said that right now she and her ministry are very concerned about people's personal information being made available through the kiosks.
"That is our focus, that is the seriousness that we're taking
that. I have zero interest in going on a bit of a witch-hunt at the
moment," she said.
It turns out that on the same day Bailey warned of the computer flaw, a staffer in Bennett's office logged onto his professional profile on Linkedin.
That doesn't prove anything, it just muddies the waters in a
privacy saga that is already messy enough.