Police play down data breach, minister hangs on

Data breach  >  open padlock allowing illicit streaming data collection
Arkadiusz Wargua / Getty Images

The Police have played down the impact of a data breach that allegedly exposed names, addresses, firearm licence numbers and bank details of 70,000 gun owners, saying only a handful of records were accessed.

In a statement issued on 2 December, 24 hours after being made aware of the breach, Police said a system audit by its vendors had confirmed only one login by a dealer with legitimate access to the platform in the previous 24 hours and that the full details of only 35 people had been accessed.

Also, it said the names and addresses only of a further 500 people had been accessed.

The Council of Licenced Firearm Owners (COLFO) claimed a further 19 people had accessed information other than their own.

Police said it had been unable to substantiate this claim and COLFO had not responded to a request for further details.

When it revealed the breach on Monday COLFO said: “Information on 70,000 firearm hand-in notifications, the firearms and owner bank account numbers, were accessible to web page users.”

The contract to set up the buyback database was awarded to SAP without being put out to tender and according to the ACT Party the breach was a result of a rushed job with Police being put under intense pressure to get the buyback up and running.

It has called on the government to launch a full, independent investigation headed up by a retired District Court judge “to forensically examine the process that led to the privacy breach,” and has renewed its calls for police minister Stuart Nash to be sacked.

Latest in a series of government data disasters

Meanwhile, the National Party used the opportunity to remind New Zealanders of other recent government data breaches and to argue that the Government “cannot be trusted to look after New Zealanders’ sensitive data.”

National’s Data and Cybersecurity spokesperson Dr Shane Reti said that, earlier in the year, sensitive emails had been incorrectly sent from the Ministry for Arts, Culture and Heritage to a Victoria University email address.

“The unencrypted email contained an attachment titled ‘Upcoming MCH papers’ with papers across multiple ministries including Arts, Culture and Heritage; Sports and Recreation; and Broadcasting portfolios attached,” Reti said.

“Arts, Culture and Heritage minister Jacinda Ardern refused to release the titles of the papers, which signals the potential sensitivity of them.”

In December 2018 the New Zealand Transport Agency (NZTA) lost a USB flash drive containing information for staff identity cards for 1104 individuals including names, email addresses, photos and signatures.

In May this year the National Party was able to access the Budget papers ahead of the Government’s scheduled release.

Related:

Copyright © 2019 IDG Communications, Inc.

  
Shop Tech Products at Amazon