Fujitsu staff had total access to branch PCs
FUJITSU staff had ‘unrestricted and unaudited privileged access’ to Post Office branch systems and could make changes without postmasters’ knowledge, the public inquiry heard yesterday.
The Horizon IT scandal inquiry was shown an internal Fujitsu document from August 2002 which revealed ‘concern’ over staff in Fujitsu’s Software Support Centre (SSC) having access to the live system which is ‘not fully audited, and in some cases, is unrestricted in the actions that can be carried out’.
It said the workers, who provided third-line tech support to Post Office branches, had ‘unrestricted and unaudited privileged access... to all systems including Post Office counter PCs’ and ‘there are no automatic controls in place to restrict user access’.
It warned that as a result, Fujitsu was at risk of the ‘opportunity for financial fraud, errors as a result of manual actions causing loss of service to outlets [and] infringement of the Data Protection Act’.
Asked about this by inquiry counsel Jason Beer KC, John Simpkins, a team leader within the SSC, accepted staff ‘had remote access to the live system’, but disagreed there was an opportunity to commit financial fraud or to access certain data.
Mr Simpkins, who still works for Fujitsu, was asked about claims by Richard Roll, a Fujitsu engineer turned whistleblower, that staff would resolve frequent issues with Horizon impacting branch accounts by remotely editing transaction data without telling postmasters.
He insisted staff ‘didn’t make frequent changes... I think in ten years, I’ve found evidence of 28 financial remote changes and I also disagree that we didn’t tell the postmasters’.