Thomas Penny
FUJ00155400
FUJ00155400
Page 1 of 3
From: Thomas Penny . \
Sent: 08 January 2009 15:13
‘Ol
To: Pritchard Howard; Warham Wendy; Denham Steve \ P
Ce: Sewell Peter (FELO1) VL
Subject: RE: Security Incident
Hi Howard
The process is as my previous note.
The list of outlets has been sent to Steve Evans this afternoon - he will explain to Gerald. I don't think Alan
Holmes will take long with the query.
The filtering exercise should only take about a week, maybe less. We are really hoping that the residual
checking will be minimal.
Kind regards
Penny
From: Pritchard Howard
Sent: 08 January 2009 15:00 J
To: Thomas Penny; Warham Wendy; Denham Steve
Ce: Sewell Peter (FELO1)
Subject: RE: Security Incident
Hi Penny,
Please can you advise when this will be completed.
Kind Regards
Howard
From: Thomas_Penny__.._--_»»_
Sent: 08 January 2009 14:31
To: Warham Wendy; Denham Steve
Ce: Pritchard Howard; Sewell Peter (FELO1)
Subject: FW: Security Incident
Please see email trail.
POL clearly do not want the specific details of this incident included in the witness statement.
‘I will hold off providing the 4 outstanding statements until our review is complete.
Kind regards
Penny
From: dave.posnett
Sent: 07 January 20
To: Thomas Penny
08/01/2009
FUJ00155400
FUJ00155400
Page 2 of 3
Subject: Fw: Security Incident
Penny,
To note emails below.
I would say Business As Usual re witness statements ie don't include the two additional paragraphs on the
last page.
if any issues materialise in due course, we can address then - suggest the ARQs for these 4 cases are
assessed first.
Regards,
Dave Posrett
Fraud Risk Manager
E) security suite (G14), Leatherhead Delivery Office,
Station Road, Leatherhead, KT22 7AE
GRO !
Considentatinrormatione Tis ermil messageis for te sole use of teintendearecipient(s) andrraycontain
confgentiaand priviegedinforrmtion, any unautharied rey au, ise disclosure or distrbutionié prohibited.
ou are not the tended rec Fier, please contact metyteply exrailand destroyall copies of te ofignal message
Phas: consider the environment before printing this ¢-mal
----- Forwarded by Dave Posnett/e/POSTOFFICE on 07/01/2009 16:38 —-—-
Rob G Wilson
fo: Dave Posnettie/POSTOFFICE(
07/01/2009 16:05 ce:
Subject: Re: Fw: Security IncidentLink
Dave,
Thanks for both of your emails. So far as the addition is concerned my view is that if we are sure that there
re.no_incidents_then_there_is nothing _undermining_that will need to_be flagged up
will have no relevance to our cases and as such could only lead to fishing expedi
into the standard statement.
As soon as we Know what the position is I will advise further.
Rob Wilson
Head of Criminal Law
Dave Posnett
To: Rob G Wilson/e/POSTOFFICE
07/01/2009 15:54 cc:
Subject: Re: Fw: Security Incident Li
* 08/01/2009
FUJ00155400
FUJ00155400
-o ‘ Page 3 of 3
Rob,
In relation to the standard witness statement Fujitsu provide:
1) The following addition has been inserted (page 5, bullet point 11). This addition seems okay (it's
just another check that Fujitsu conduct - to ensure the ‘security incident’ doesn’t occur again).
11. Windows Events generated by the counters within the branch/timeframe in question are checked to
ensure the counters were functioning correctly.
2)The following additional paragraphs have been inserted (page 7). I personally do not see the need
for these if there are no problems identified with the data relating to the case in question. Why inform
anyone about a problem we've had within the network, but possibly only at one branch, if it bears no
relation or relevance.
In December 2007 an occurrence was reported in one office where a Stock Unit roll-over coincided with the
End Of Day Process running. This led to a previously unseen database lock where an administrative
balancing transaction failed to be written to the local messagestore database. This generated a generic and
non-specific software error event which went unnoticed in the monitoring of Events. A financial imbalance
was evident and was subject to investigation by Fujitsu's Service Support Centre (SSC) and Post Office
Limited (POL). The financial imbalance has been resolved.
A software correction was applied across the estate in early November 2008 to ensure that any such event
generated would be monitored. Testing of that correction has established that the unmonitored error does not
occur elsewhere in the system.
Fujitsu have 4 statements outstanding and I'd be grateful if you could consider the above (ie should
they include the above in statements from now on ?). Happy to discuss if need be.
Regards,
Dave Posrett
Fraud Risk Manager
I security Sute (G14), leatherhead Delivery Office, Gia Spread the Word 22> i
Station Road, Leatherhead, KT22 7AE d AYA GRO
< Stop the crite
is for te sole wse of theintendedrecipient (5) andrray contain
confidentiatand peivdegedinfccrmtion, Any urautnerised rey ia, use, dislesure or distrbutionis prohibited.
(yuu are not the intenidad re pent, please comact metyreply emmailand destroyall copies of the of gal message,
a Pheaze consider the environment before printing this e-mal
>>>> Standard Fujitsu WS V8 Jan 09 .doc attachment was removed from this email <<<<
08/01/2009