MSD – can it get worse?

Admissions that the MSD data vulnerabilities may have been unaddressed for eighteen months.

MSD boss admits warnings might have been ignored

Ministry of Social Development CEO Brendan Boyle has admitted his agency might have ignored warnings from Dimension Data – the company that tested security on its WINZ kiosks.

“We received a report from Dimension Data in April 2011, which identified flaws in our system,” Mr Boyle said in a statement this morning.

At a press briefing yesterday afternoon, Mr Boyle said KPMG and Dimension Data consulted on security to the MSD. Dimension Data had carried out penetration testing on the kiosks and found no issues.

“Since yesterday afternoon I have received further information that means I am not confident that we took the right actions in response to Dimension Data’s recommendations on security. I will look to the review to provide me with the answers.

“We will be asking Deloitte to determine what we did to follow up this report’s recommendations and whether our response was adequate.”

He added, ““I can confirm that KPMG was not engaged to penetration test our public kiosks. They have, however, been engaged in doing testing on other parts of our system.”

http://www.nbr.co.nz/article/msd-boss-admits-warnings-might-have-been-ignored-ck-130774

This is looking like incompetence followed by ineptness.