The Office of the Attorney-General of the Federation (OAGF) claimed that the Integrated Personnel and Payroll Information System (IPPIS) only used its vulnerable website to share workers’ information on Tuesday.
With this claim, FIJ can report that one of the most sensitive offices in the country has violated relevant articles of the Standards and Guidelines for Government Websites the National Information Technology Development Agency (NITDA) developed for ministries, departments and agencies.
FIJ earlier revealed how workers’ and user data stored on the IPPIS Secretariat’s website and an IPPIS validation portal on the website of the OAGF had been left unsafe.
The secretariat’s website stayed unsafe for more than a year even with different files containing federal government workers’ personal and employment records, exposing them to the preying eyes of cyber attackers.
The OAGF could not be reached for comment on those reports as all its public information channels were invalid. It issued a statement after seeing the reports instead.
On Tuesday, the organisation issued a statement downplaying the severity of the problem while stating that it was only using the websites to share information.
“The Integrated Personnel and Payroll Information System database has not been compromised,” Bawa Mokwa, the director of press and public relations at the OAGF, stated on Tuesday.
“No data is saved on the OAGF website. The IPPIS uses the website only to share information, not for transactions. Neither payroll nor payments are made through the website, therefore, no data is contained in the website.”
READ ALSO: ALERT: Website of IPPIS Secretariat in Accountant-General’s Office Is Unsecure
VIOLATING SECTION 11.3 OF NITDA REGULATIONS
As the problems FIJ earlier reported remained at press time, OAGF’s claim runs afoul of Section 11.3 of the NITDA regulations.
The section mandates every government agency to remove links that are no longer useful and provide accurate information on its website.
The information management plan should include various measures for maintaining information integrity, such as:
i. Undertaking regular checks on the accuracy of the information.
ii. Regularly check that all information posted on the website is updated frequently.
READ ALSO: NPF Website Violates NITDA Guidelines, Does Not Have the Phone Numbers of PPROs
iii. Removing sections that are no longer useful, with appropriate consideration for archiving and record-keeping regulations. However, never remove or move a page without providing a link from its original location to a page where the information is now located.
iv. Checking links to other websites regularly to ensure that the link is still ‘alive’ and that (the) content of the website is still appropriate. It is advised that programs for checking broken links are employed, however, external links should also be checked manually.
v. Ensuring the website delivers on any promise for new information or services to the public.
Subscribe
Be the first to receive special investigative reports and features in your inbox.