Statement of Zoltán Kaszás, published on 22st July, 2017

First of all, as Chief Executive Officer of T-Systems Hungary, I would like to apologize to everyone concerned. It could have been adequate for me to make a public announcement earlier, but so many different circumstances of the issue had surfaced, that first I wanted to strive to fully clarify what had happened.

The online sales system was developed in cooperation with our client, BKK, and is a product of a serious joint effort made by our colleagues. Doubtlessly, in case of certain components of the system, there are already more modern, more sophisticated solutions available. I consider it important that we approach the shortcomings revealed by ourselves and identified by the community with personal and professional humility and demonstrate the integrity and overall professionalism necessary to eliminate and correct them. My intention is to establish a system that meets the requirements of everyone. I can tell you that we have eliminated the problems already identified, and we continuously work on making the system even more secure and reliable. Currently, the system is mainly exposed to attacks experienced by the internet service provider. Naturally, we are doing our utmost to cooperate with the investigation initiated by the Mayor, we provide all the information and data necessary, and I take complete responsibility for taking all the necessary actions within the company, too.

I personally feel for the young man concerned, however, I would like to underline that under the given circumstances we had no other option, but to press charges against an unknown offender (as the young man did not contact us). Upon pressing charges, we provided all the information and data available about the involved parties to the authorities for clarification purposes, and shall do so in the future, too. In my capacity as head of T-Systems Hungary, and assuming that the ethical conduct of the young man is ascertained, I would like to offer him the possibility that we cooperate in the future, if he is open to such a cooperation.

The case has revealed that a widely accepted practice of ethical hacking does not exist in Hungary, and partly perhaps due to lack of such, a true consensus has also not evolved, yet. It is time to start the social and professional dialogue addressing "ethical hacking” in Hungary, too, and to establish the relevant legal and regulatory frameworks for the activity. Pursuing this objective, T-Systems shall introduce some relevant initiatives (“bug bounty”) in the near future.