New information about the extent of the Tuia 250 data breach shows the Prime Minister has yet more questions to answer
when she returns to New Zealand, National’s Data and Cybersecurity spokesperson Dr Shane Reti says.
“Replies to written questions have shown that the whole data breach is even worse than was first admitted by the
Government. Initially they said 302 people were affected, but now we know that number’s 30 per cent higher, at 403.
“The extent of exposed children’s data has also been revealed, with 71 people under the age of 18 affected by the
breach. This included passport details, driving licences, birth certificates, education-related documents and
application forms.
“Even worse, the Ministry has admitted it doesn’t have a permanent log of who visited the website. There’s no way of
knowing who’s accessed that personal information or how many times it was accessed.
“We also now know that the website’s developer was known to at least one staff member at the Ministry of Culture and
Heritage, and that the Ministry is reviewing the decisions and process relating to personal relationships and management
of the Tuia 250 website.
“The Government has serious questions to answer here. The public deserves to know if the website developer was awarded
the contract because of a personal relationship rather than following proper procurement processes.
“It’s clear the developer wasn’t up to the job, and it’s worse than we thought. The Ministry had a duty to ensure the
Tuia 250 website would be secure and that people’s personal details would be safe.
“Children’s details were leaked on the internet and the Ministry doesn’t even know who’s seen them.”