Repairs scandal computers ‘could be hacked by a child’

13
Have your say

A COMPUTER system at the centre of the statutory repairs scandal was “so bad a child could get into it”, a report has revealed.

In the 100-page conclusion to its independent investigation, auditor Deloitte suggests the IT system was highly insecure and could have easily been accessed by unauthorised figures.

The system, which held sensitive contract information, was accessed by a contractor to blow the whistle on the problems with the council’s statutory repairs system.

It is understood the Deloitte report confirms the security set-up was so simplistic and flawed that it could have been accessed by “a child”.

Meanwhile, a report by Audit Scotland has revealed that taxpayers’ cash paid out by the council that has not been recovered stands at more than £39 million.

About £30m has been paid out to contractors, but has not yet been billed to home- owners, and a further £9m of outstanding bills that homeowners have refused to pay has gone uncollected since March 2011.

Despite the multi-million-pound figure, the council has a provision of only £1.25m for bad debts. Audit Scotland said the council was at risk of “reputational damage” and “financial loss” in its progress report.

The Evening News previously reported that the unique passwords used by every employee on a system which kept records of properties and their problems, and a second system which was used to pay contractors, had not been changed since they were created in 2005.

Insiders said the passwords were pinned up on the walls around the department and were “talked about freely”.

A contractor – known as Contractor X – later accessed these systems to help blow the whistle on the numerous issues that have come to light.

It is not known if other contractors used the log-in system, but insiders pointed out that it would have been easy to gain access and use the information against the competition.

One inside source said: “The contents of the Deloitte report were shocking. The system was so bad a child could get into it. It puts into context the allegations made by Contractor X that the system was not properly secured.”

Two separate investigations have been carried out into the scandal, one by Deloitte and one by Lothian and Borders Police. To date, at least seven people have been sacked from the departments involved.