Monday, October 15, 2012

Unbelievable (updated)

I went to the Work and Income website to see if there was any media release about the Kiosk catastrophe. But look what I found:

Don't give too much away

09 October 2012
Find out how to keep your information safe so you don't become a victim of identity theft.
Have you ever thought about how much information about yourself you freely give away and what could be done with it?
Dig into someone's wallet, look at their Facebook profile, or go through their rubbish and you will find a wealth of valuable information. Simple personal information, like your name, address, date of birth or bank account number is all that is needed for someone to pretend to be you and do harm.
Identities may be stolen to commit many different crimes, such as obtaining credit, false proof of age, IRD number theft and tax avoidance or to evade police. It varies from false Facebook pages, which can seriously damage people’s reputations, to organised crime syndicates using false identities to perpetrate serious crimes. In the past, New Zealanders have not had to worry so much about identity crime, but it is a growing problem around the world and is likely to affect more of us in the future.
The most unfortunate fact about identity theft is that the victim not only suffers, but also ends up being the one who has to clean up the mess. As many details about you don’t change much over time, victims can continue to have problems long after the initial theft.
You may think that identity theft is a problem on the Internet, but it happens in the real world too. There are some steps you can take to keep your identity safe.
  • don’t give out personal information unnecessarily
  • don't be afraid to ask why the information is needed and how it will be used
  • don’t write down PIN numbers, or give them to people,
  • don’t throw out bills or statements (shred or burn them)
  • be wary if you receive unusual mail.
For more information, or help if you may have been a victim of identity theft, visit

Talk about adding insult to injury.

UPDATE: The press release headline and link was on the front page . Not now. I tried searching the release title and source and found this. "The page you are trying to access doesn’t exist on the Work and Income website. It may have been moved or renamed."

I suppose we should take comfort in the fact they acted, albeit belatedly.


S. Beast said...

Update of my own: Called 0800 line and asked about the possiblity of my secure file being accessed via the Kiosk. Apathetic call center say my file hasn't been breached (not that they could possibly know that).

Update #2, the source is named:

He just plugged in a USB and couldn't see it come up on screen so had a click around before finding the system holes. Then he asked if there was a reward for this (as is common practice). Now he will be made a scapegoat and his own privacy violated because he reported this to MSD. Very sad to see.

Lindsay Mitchell said...

"Then he asked if there was a reward for this (as is common practice)."

That's where I depart from much of the current discussion (on other blogs). This expected payment for a 'vulnerability report' doesn't wash with me. Sorry, but it almost sounds like blackmail. It's certainly not public-spirited, which is what the theoretically functioning welfare system relies on. That went by-the-by about 40 years ago.