Privacy breach of platform for firearm buyback programme

Published: Mon 2 Dec 2019 05:35 PM
Privacy breach of online notification platform for firearm buy-back programme
Deputy Commissioner Mike Clement:
We can confirm that a dealer with legitimate access to the online notification platform for the firearm buy-back programme has been able to view details of firearms owners.
We were notified of the error this morning when the dealer contacted us.
Upon being notified all efforts were made to immediately shut down access to the platform.
We have been able to identify the error back to an update made by our vendor last week which provided dealers a higher level of access to the notifications database.
The update was not authorised by Police.
Our investigations have shown only one dealer login has accessed the system since the update.
We believe this was an isolated incident and made possible due to human error.
The vendor for the online notification platform is German based global software company SAP.
The firearms buy-back programme is continuing and we will be using a manual process to manage the return of prohibited firearms.
The online notification platform will remain offline until we can be reassured by our vendor that the platform is secure.
We take the privacy of the public information we hold seriously and we will undertake our own additional checks to ensure the system is secure before the online notification platform is re-established.
We have advised the Office of the Privacy Commissioner and we are working to identify and then notify those whose information has been accessed.
Issued by Police Media Centre
Statement from SAP spokesperson
SAP can confirm it was notified of a security breach to the New Zealand Police gun buy back system this morning.
The security breach indicated that a single dealer user had accessed information not intended to its user profile.
As soon as the full details of this incident were understood, all user profiles on the system, except for SAP consultants investigating, were locked, and remain so.
As part of new features intended for the platform, security profiles were to be updated to allow certain users to be able to create citizens records.
A new security profile was incorrectly provisioned to a group of 66 dealer users due to human error by SAP.
We unreservedly apologise to New Zealand Police and the citizens of New Zealand for this error.
The security of our customers and their data is of absolute priority to us.
A full internal investigation is already underway within SAP.
We continue to work with and offer our full resources to New Zealand Police to ensure the system is fully secure and up and running again as soon as possible.

Next in New Zealand politics

Freshwater package backed by comprehensive economic analysis
By: New Zealand Government
Todd Muller announces shape of next Government
By: New Zealand National Party
Timeline For Moving To Level 1 Needed
By: Business New Zealand
On National’s Day Of Reckoning
By: Gordon Campbell
Jobs budget to get economy moving again
By: New Zealand Government
Law Setting Up Legal Framework For Covid-19 Alert Level 2 Passes
By: New Zealand Government
PMs Jacinda Ardern & Scott Morrison Announce Plans For Trans-Tasman COVID-safe Travel Zone
By: New Zealand Government
Support For Arts And Music Sector Recovery
By: New Zealand Government
New Zealand Joins Global Search For COVID-19 Vaccine
By: New Zealand Government
Green Party Unveils Its Candidate List For The 2020 Election
By: Green Party
NZ COVID Tracer App Released To Support Contact Tracing
By: Ministry of Health
Deep Concern At Hong Kong National Security Legislation
By: New Zealand Government
Strongest Ever Water Reforms Mean Swimmable Rivers Within A Generation
By: Green Party
Importance Of Horticulture Recognised In Government’s Freshwater Decisions
By: Horticulture NZ
Nitrogen Fertiliser Poisoning Of Rivers To Face Cap, Says Greenpeace
By: Greenpeace
View as: DESKTOP | MOBILEWe're in BETA! Send Feedback © Scoop Media