Thousands of confidential files from New Zealand's Ministry for Social Development – with details on children – were accessible from public computers, according to a news report.
Blogger Keith Ng said he was able to download 7,000 files from the department's network, the BBC reported.
He used a computer offered to the public in the Work and Income New Zealand (WINZ) office. It’s used by people looking for jobs.
The files listed names of children in state care. In addition, names of people suspected of benefit fraud were also available. Invoices from contractors were also “easily retrievable,” the BBC said. He was also able to see children's medical records, legal bills and debt collection records.
"I sorted through 3,500 invoices. This was about half of what I obtained, and what I obtained was about a quarter of what was accessible," Ng said on a blog post.
The government appeared embarrassed.
"I apologize to everyone now,” Social Development Minister Paula Bennett told Radio New Zealand. "I'm mortified that they had that level of trust in the ministry and at some level we've let them down."
The ministry wants an independent security expert to investigate the breach, Radio New Zealand adds.
In addition, New Zealand's Assistant Privacy Commissioner Katrine Evans said in a statement that the ministry’s client databases were not “compromised, though obviously this is something we will be looking very closely at.”
“Our first priority was to make sure that the kiosks were closed so that no further information could be accessed,” she added. “We … got assurances that the kiosks would be closed before the service centers opened ... Secondly, we wanted to make sure that the information that had been downloaded was returned to us so that people did not need to be worried about its security. The blogger has given us the information ... He has not kept copies.”
“We are very concerned about this security breach and we are investigating what happened,” she continued. “Protecting personal information is a cornerstone of public trust in both government and business, particularly in the digital environment – and this is one of several recent incidents that show that agencies need to up their game.”
In a related matter, TMCnet reported that October is Cyber Security Month in the United States. It was reported that 26 percent of Americans in the past year received notification by a business, online service provider or organization that their personally identifiable information (such as password, credit card number, or e-mail address) was lost or compromised because of a data breach.