Massive firearms data breach

Police are warning of a potential privacy breach involving the online notification platform for the firearm buy-back programme.

. . We were made aware of the potential issue by a member of the public.

Immediately upon being made aware of the issue the platform was closed down and we are investigating the matter further.

We have advised the office of the Privacy Commissioner of the potential issue. . .

The Council of Licensed Firearms Owners is justifiably worried:

The Police firearm database breach has revealed that 37,125 owners have registered 280,000 individual newly prohibited items, COLFO says.

Full contact details, firearm licence number and bank address details were revealed. This has been captured on screen-grabs by users, and a full set of the data was downloaded.

The notification system is an online web page where any member of the public can notify the Police that they have one of the newly prohibited firearms or related items. Notification is a three-step process requiring name and contact details, then the firearms and parts to be registered, then their licence number and bank account (for compensation payments).

It is unclear how long the information was publicly available before it was seen this morning, and people were able to log into the system for up to three hours before the Police finally shut it down.

COLFO spokesperson Nicole McKee says the data breach is a huge blow to the whole hand-in programme, and to Police claims that firearm owner data would be safe under the Government’s planned registry.

“This is a shocking development. Full details of prohibited firearms, and addresses at which they could be found, have been available online to the public.

“This makes an absolute mockery of Police claims to the Select Committee that they could be trusted to keep a firearm registry secure. . . 

National’s police spokesman Brett Hudson lists other data breaches that have happened this year:

“This isn’t the first time there has been a significant data breach under this Government, there was a breach at the Ministry of Culture and Heritage where information on children had been accessed; staff at NZTA were at risk of personal identity theft after a USB drive containing staff identity cards was lost; private details were stolen from the Commerce Commission; and even Treasury has been breached.

“How can New Zealanders have confidence in the firearms register the Government is proposing when they can’t even protect their personal details in their buy-back scheme? New Zealanders’ data is at risk and this shows we can’t go rushing into a firearms register. The Government’s track record on IST and data is simply not up to scratch.

“In this year of delivery, all Prime Minister Jacinda Ardern and her Government can deliver are privacy breaches.”

These are all serious breaches which call into question the security of data all government agencies hold.

This one will give no-one any confidence a gun registry is a good idea.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: