Data security

Are your financial records safe with Xero? [UPDATED]

Rodney Hide explains that maybe your financial records won’t be safe with Xero after revealing that Xero has handed over financial records to the Official Assignee outside of the law.

Is this Xero’s VW moment?

Are your financial records safe with Xero [NZX:XRO]? Or would Xero do a Westpac and release them to state agents on simple request without warrant?

Xero CEO Rod Drury has always said safe. He again reassured NBR readers in July that Xero never releases customers’ financial records to state agents.

Mr Drury said Xero refers requests back to the customer for the information required.

“We are the custodians of our customers’ data,” Mr Drury said.

But one customer knows different. Last year Xero passed her company’s records to state agents, they had no warrant, Xero didn’t tell her, and, indeed, when she asked, Xero denied it.

Deputy Official Assignee Annemarie Foidl had asked Xero to supply the customer’s “user name” and “password” citing s171 of the Insolvency Act 2006. It wasn’t just the records she wanted but access. For a month.

We don’t know what then transpired but we do know Xero “supplied [the Official Assignee] with a report showing the credits and debits of each account connected to the subscription.”

Xero didn’t tell the customer.    Read more »

Tagged:

If you’re dodgy, don’t own a smartphone

 

via onlineincometeacher.com

via onlineincometeacher.com

Timothy B. Lee at Ars Technica reveals

The [US] courts have traditionally allowed the police to inspect any items a suspect is carrying when they arrest him or her. But in the past, the information the police could obtain in this fashion was fairly limited. The advent of the smartphone has changed all that.   Read more »

WINZ flaw existed for all of Labour’s tenure

So intent Labour has been on blaming National for the WINZ security flaw that they seem to have overlooked that it existed for the entire time they were in government…and they did NOTHING to fix it for 9 years.

Computer terminals used for 13 years by job seekers at Work and Income offices had the same security flaw as the self-service kiosks at the centre of the major privacy breach at Winz.

An independent report has revealed the computers used between 1998 and 2011 were also connected to Ministry of Social Development’s corporate computer network allowing access to private information.

Tagged:

Labour can hardly comment on data security

I find it highly ironic that Labour is going on about sensitive data security:

Is Labour asking Keith Ng and Ira Bailey to handover or delete the files.. no…they’re making political capital out of them. Remember when they had their own data breach…at that time Labour threatened and blustered and attacked the person who breached their security, such as it was.

While Labour, the Greens and left wing blogs all stick up for Keith Ng and Ira Bailey, I do wonder how things would have panned out had it been revealed that it was me who found this data breach, and that I took files and that I or my source asked for money. I know exactly how it would have panned out… because Labour did it to me.

They accused me of hacking, they laid complaints against me with the Privacy Commission and wrote threatening letters. The whole saga is summarised here.