New Zealand Labour Party

Unsecure website risks Ashley MoBIEson hack

Experts have raised security concerns that vulnerabilities in MoBIE’s half million-dollar website could lead to a possible Ashley Maddison-style hack, says Labour’s Economic Development spokesperson David Clark.

“The real issue here is not what data is immediately available, but what connections this vulnerability opens up. Every security wall is critical. Once behind the veil, hackers can explore connections to other Government held-data.

“MoBIE has trusted IT connections into other Government agencies. Once inside the security perimeter, a hacker may roam around and explore other vulnerabilities undetected.

“New Zealanders need confidence that the private data they share with IRD is protected.  The reality is that the Government can no longer be as confident of this as it once was.

“The new website uses SSL3 encryption as was done in the failed Ashley Madison website. That does not inspire confidence. Questions must also be asked about this and similar vulnerabilities in other parts of the MoBIE IT infrastructure.

“You would think $560,000 could buy a secure website. But as usual Steven Joyce’s MoBIE spend-ups raise more questions than answers. The Minister has failed to provide a detailed breakdown of his spend on the gold-plated site.

“This Government has form with privacy breaches including IRD, Winz and ACC.

“Skimping on security and pimping on bling sounds like another Ashley Madison tale. New Zealanders have the right to expect higher standards from a Government they entrust with their most valuable personal data,” David Clark says.