Tuia privacy breach reminiscent of National-era breaches

It has come to my attention that the database handling the registrations of people and organizations wishing to participate in the Captain Cook 250th Anniversary was breached.

Officially this one was put down to a “coding error” in the website. But in the last couple of days it has emerged that the website provider was not on the list of approved providers for Government departments, which, according to Labour M.P. Priyanka, has since changed. Prime Minister Jacinda Ardern has since made a rule that only those providers on a list vetted and approved

The Chief Executive of the Ministry of Culture and Heritage, Bernadette Cavanagh, must be aware that her future in the role is severely tainted by this failure. The fact that she has not been shown the door or had it formally suggested to her may be because – although quite serious – this is at the lower end of the scale of privacy breaches when recent examples are brought to light.

The more serious breaches I am thinking of are a slew that affected several Ministries and Departments during the National-led Government of Prime Minister John Key. Thousands, if not tens of thousands of people were affected. Under that Government there were notable breaches at Ministry for Social Development including its umbrella agency Work and Income New Zealand; Accident Compensation Corporation and others.

Some of the breaches affected some of our most vulnerable people – victims of domestic violence, handicapped children and people with terminal illnesses. In at least one instance it was put down as an “operational matter”, which I deduced was political speak for internal issue or more to the point: “none of your business”. No one in a senior management role was fired though the case certainly existed for their departure.

So, what could be done to prevent further breaches in the future? Several things actually:

  1. Regularly check who has what access rights to particular information
  2. Ensure that multiple layers of increasing security are in place, cutting off certain groups or individuals when their access rights fail to meet a certain threshold
  3. Require that new passwords are not simple ones like password123
  4. Install software to monitor potential outside attacks

Much of this is actually just plain common sense. But the number of large companies, government organizations and so forth where passwords are as weak as the example above is likely to surprise. Use a password that is something like !computer0 – the use of numerical digits and special characters significantly complicates the process of cracking a password for a hacker. One way of getting everyone to change their password on a regular basis is to set an expiry mechanism, so that after a given time – say a month – the password simply stops working and a new one has to be established.
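The password rules above can be written down as a check that runs when a password is set, plus an expiry sweep over account records. This is an added example, not code from any system mentioned in the post; the denylist, the minimum length and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample denylist; a real deployment would load a far larger one.
COMMON_BASES = {"password", "qwerty", "letmein", "welcome", "admin"}
MAX_AGE = timedelta(days=30)   # "say a month", as the post suggests
MIN_LENGTH = 10                # assumption: the post gives no minimum length


def base_word(password):
    """Lower-case the password and drop digits and symbols, so that
    decorations such as the 123 in password123 do not hide the word."""
    return "".join(ch for ch in password.lower() if ch.isalpha())


def policy_violations(password):
    """Return the list of rules a candidate password breaks (empty = accepted).
    Run this when the password is chosen: stored passwords should be hashed,
    so they cannot be inspected afterwards."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(ch.isdigit() for ch in password):
        problems.append("no digit")
    if not any(not ch.isalnum() for ch in password):
        problems.append("no special character")
    if base_word(password) in COMMON_BASES:
        problems.append("common password")
    return problems


def is_expired(last_changed, now):
    """True once the password is at least MAX_AGE old."""
    return now - last_changed >= MAX_AGE


def accounts_needing_reset(accounts, now):
    """accounts: iterable of (username, last_changed) pairs."""
    return [user for user, changed in accounts if is_expired(changed, now)]


if __name__ == "__main__":
    # Constructed sample records.
    sample = [("alice", datetime(2019, 9, 20)), ("bob", datetime(2019, 8, 15))]
    print(policy_violations("password123"))
    print(accounts_needing_reset(sample, datetime(2019, 10, 1)))
```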

Make sure your antivirus software is working. If you have Windows 10, the default Windows Defender is considered adequate for what most people are going to use their computer for. W.D. is known to clash with exotic antivirus software such as Bitdefender or Norton Antivirus, and may slow your machine down if it finds itself competing with one.
