advertisement

Government Dumps Sensitive Employee Information On The Internet ZEC Style

   
17 comments

Respect for data privacy and internet security is not well understood in Zimbabwe. The government is a major culprit in this crime of ignorance. Two years ago, the voter’s roll was accessed by some unscrupulous folks who just dumped the whole darn thing on the internet full of our names, ID numbers and residential addresses.

Since then the voters’ roll is being used in an unintended way by some businesses including several banks which we will not name. They are using it to do KYC verification et al. However, when we registered as voters we never signed up for that data to be used in that way let alone by private corporations.

Yes, it wasn’t the Zimbabwe Electoral Commission nor the government that uploaded the roll onto the internet (at least we don’t think so) but ultimately it was their responsibility to ensure whoever was entitled to a copy of the document treated that data with absolute integrity and they should have investigated the breach. It doesn’t seem they investigated anything. That’s because appreciation for these issues is quite low.

advertisement

Now the government has exposed its employees

We will of course not share a link! However, we can explicitly say that the Public Service Commission, the ’employer of all government workers (civil servants),’ has exposed sensitive data of their employees on the internet.

This information is in a PDF document titled:

MEMBERS ON THE SSB PAYROLL WITHOUT BIOMETRIC DATA

This is a 223 paged document with lists of civil servants showing their full names, their employment ID numbers, national ID numbers and where they work (the specific institution and district). This is gold mine information for all sorts of scammers and phishers.

Here is what the lists look like:

The irony

This document is a record of employees who for some reason have not yet had their biometric information entered into the government’s new database for such. If they don’t respect the integrity of personal information like this, should they be trusted with even more personal data: biometric data?

How did we come to know this?

We were doing a Google search on some individual we were interested in. One click led to another and viola!

To be honest, it wan’t one click leading to another, it was easier than that.

Cybersecurity bill is in the works

The Parliament of Zimbabwe is currently working on a Cybersecurity and Data Privacy bill. When the bill gets into law, the government will probably be found to be the biggest violator of the law.

Of course the disappointment about the whole bill is that senior government officers only ever bring it up in connection with nuzzling social media. The bigger problem is throwing people’s personal information all over the internet like this


Quick NetOne, Econet, And Telecel Airtime Recharge

Comments 17

Imi Vanhu Musadaro
11 months ago

The responsible thing would be to inform the PSC about this information leak, before publicising it. It doesn’t take 30 seconds to find the document, via Google, so it doesn’t help to give a shallow indemnification that you didn’t put up a link.

It’s easy to call out government for being irresponsible with private information, but so have you.

Your email address will not be published.

 


    Tinashe Nyahasha
    11 months ago

    Did you get it in 30 seconds?

    Your email address will not be published.

     


      Phidza
      11 months ago

      I got it in 30 secs, I just googled “health matabeleland south prov” with the quotes to limit results and only one link came up.

      Your email address will not be published.

       


      Imi Vanhu Musadaro
      11 months ago

      Less than 30 seconds, as a matter of fact.

      Sadly, that was the only thing to took away from my comment. 🤦🏾‍♂️

      Your email address will not be published.

       


        Tinashe Nyahasha
        11 months ago

        Actually it wasn’t. I was just curious. I got your point the first time. I had considered the implications at first before writing and convinced myself (maybe wrongly) that no one at PSC would listen but they may be forced if someone else they trust comes across this article explains to them what they should do.

        It’s not always easy to make the right call on these things, I will admit that

        Your email address will not be published.

         


Tawanda
11 months ago

This is irresponsible journalism, shows you are an amateur and you should be help responsible for any abuse of peoples details from this document. Techzim where do you get people like this?

Your email address will not be published.

 


    Tinashe Nyahasha
    11 months ago

    Do you remember the picture of a woman lying in the streets after being beaten up by the police after elections in 2018 and there were scores of journalists surrounding her and taking pictures?

    Or the one of a small hungry child crawling to a feeding station at a refugee camp whilst a vulture was falling at a short distance waiting for the child to die?

    Responsible journalism is not what you think it is.

    But perhaps I failed to be a responsible citizen. I can accept that one

    Your email address will not be published.

     


    fiend
    11 months ago

    Who says they’re journalists?

    There’s a general standard of disclosure of such things within IT.

    TechZim bloggers failed to follow it and did not give the affected party a chance to rectify it. Just for the sake of pushing articlrs.

    You don’t even have ethics.

    Your email address will not be published.

     


jon snow
11 months ago

if you look at the site im sure we can see that this was intentionally published, i see no need to bash techzim here, go talk to psc.

Your email address will not be published.

 


Rational Ear
11 months ago

This is exactly how Zimbabweans fail. An issue has been raised/reported. Instead of addressing the issue at hand, we cowardly waste time bashing the person who reported the issue until the whole thing is overtaken by time and other events. Eyes on the pie people, eyes on the pie. Don’t be distracted!

Your email address will not be published.

 


    Phidza
    11 months ago

    How do we address the issue at hand? What have you done to address the issue?

    Your email address will not be published.

     


Tawanda Kembo
11 months ago

This is irresponsible disclosure. You should have only disclosed this after the data was removed from the web. I suggest you remove this article and put it back online after the government has removed the data from their website.
This is not right.

Your email address will not be published.

 


jon snow
11 months ago

The problem is we have a lot of CEHs😂😂😂😂, go tell psc that they disclosed personal info, and then come back here so we can talk about “ethics”

Your email address will not be published.

 


Jay S
11 months ago

Central Computing Services, temperature bho here? How many IT degrees are employed to stop this happening? I’m waiting to hear of heads rolling internally for incompetence. Someone has to go home for this.

Your email address will not be published.

 


Grammar Enthusiast
11 months ago

The “typo” you point out not actually an error.
The payroll is a list, so the members are ‘on’ it, not “of” it.

Your email address will not be published.

 


    Tinashe Nyahasha
    11 months ago

    You are right!
    Thanks

    Your email address will not be published.

     


Anonymous
11 months ago

Journalism is not about reporting to authorities that e.g. sewage is flowing in the river. Rather it is reporting it as a story in the media. A journalist must give out news and information.

I dare anyone to actually take the time to call or goto PSC to report the matter. Countless hours trying to tell them that the problem is that private information is online. They will only see the problem after a senior executive says it is a problem and not a lay man from the streets.

Your email address will not be published.

 


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You might also like

Love code? Techzim is hiring developers

Dandemutande CEO sheds more light on Utande LTE

Zimbos can pre-order Elon Musk’s Starlink but it has to register with POTRAZ first

Huawei & NetOne partner on US$400k mobile broadband project