Craig McCulloch of RNZ reports:
A top tech boss at the Ministry of Culture and Heritage (MCH) reviewed the Tuia 250 website’s security and declared it “fit for purpose” just two months before a major breach was uncovered, new correspondence shows.
[…]
Correspondence obtained by RNZ under the Official Information Act shows the website – which was set up by an external contractor – had been given the all-clear by MCH Chief Information Officer Kenny Townsley.
Emails show Townsley conducted a “security review” of the site in early June 2019 after concerns were raised within the Ministry.
As part of the assessment, he sought assurances from the contractor, but did not personally test that the site was secure.
Read more on New Zealand Herald.