Geekzone: technology news, blogs, forums


tehgerbil

1102 posts

Uber Geek

ID Verified
Subscriber

#299445 8-Sep-2022 11:05

https://www.stuff.co.nz/national/crime/129814013/computer-hacker-steals-sensitive-information-from-20000-christchurch-hot-pools-customers

 

Personal information about as many as 20,000 members of the public has been stolen in a data breach at Christchurch City Council’s He Puna Taimoana hot pools.

 

The material hacked includes copies of drivers' licences, passports, rates invoices, tenancy agreements, utility bills, and other council membership cards – all items provided by pool users as proof of residency.


Kyanar
4089 posts

Uber Geek

ID Verified
Trusted

  #2964628 8-Sep-2022 12:06

Cox’s letter said the council’s immediate priority has been to secure the “underlying vulnerability in the system” which let the breach happen. This has been done by installing a security update.

 

Why was an unpatched server accessible from the internet anyway? If they needed to store this data (they didn't, they could simply have flagged the individual in whatever system they are using as verified upon sighting valid proof of residency) then it is incumbent upon them to secure it properly. IMO this level of incompetence should be subject to prosecution.




Geektastic
17943 posts

Uber Geek

Trusted
Lifetime subscriber

  #2964922 9-Sep-2022 08:27

Too busy worrying about important things like cycle lanes and removing car parking spaces to be attending to mere IT security!







mrdrifter
576 posts

Ultimate Geek

ID Verified
Trusted

  #2964935 9-Sep-2022 08:51

What really annoys me about this is that in a professional capacity ~3 1/2 years ago I actually talked through these scenarios with the CCC when writing up a report and guidance document for them. I spent a number of sessions with them analysing and discussing their disparate systems that all rely on their own verification processes and the ongoing storage of this information well past the point it was required. While it's quite a sprawling and complicated range of systems, some of these risks were/are reasonably easy to mitigate at an individual level.


MikeAqua
7779 posts

Uber Geek


  #2964972 9-Sep-2022 10:37

A good example of: Don't store info you don't really need to.  They needed to see info that verified customers were ChCh residents, then charge them the appropriate fee.  That info didn't really need to be stored. 

 

If you have a low-trust culture you might want to audit cashiers, to ensure the discount is not being given to people it shouldn't.  Personally I wouldn't bother auditing anything for a $4 discount.  I would just trust my team.





Mike


kyhwana2
2566 posts

Uber Geek


  #2964981 9-Sep-2022 11:01

https://www.databreaches.net/computer-hacker-steals-sensitive-information-from-20000-christchurch-hot-pools-customers-no-thats-not-what-happened/
Turns out the Christchurch City Council effed up and left an Azure blob storage instance world readable. They weren't "hacked", they were negligent.
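A way to catch the misconfiguration described in the post above before someone else does, as an added example that is not part of the thread. The inventory is constructed sample data; `allowBlobPublicAccess` and `publicAccess` are the Azure storage account and container properties, while the combined JSON layout and all account and container names are assumptions made for this example.

```python
import json

# Constructed inventory (not real data). The nesting of containers under
# accounts is an assumption of this example, not an Azure export format.
INVENTORY = json.loads("""[
  {"name": "examplepoolsprod", "allowBlobPublicAccess": true, "containers": [
    {"name": "member-documents", "properties": {"publicAccess": "container"}},
    {"name": "receipts", "properties": {"publicAccess": "blob"}},
    {"name": "backups", "properties": {"publicAccess": null}}]},
  {"name": "examplelegacy", "containers": [
    {"name": "uploads", "properties": {"publicAccess": "blob"}}]},
  {"name": "examplelocked", "allowBlobPublicAccess": false, "containers": [
    {"name": "old-site", "properties": {"publicAccess": "container"}}]}
]""")

# What each container-level public access setting permits.
SEVERITY = {
    "container": "anonymous users can list and read every blob",
    "blob": "anonymous users can read any blob whose URL they know",
}

def audit(inventory):
    """Return (account, container, status, detail) for each container with a public ACL."""
    findings = []
    for account in inventory:
        # A missing account flag is treated as "allowed": the cautious reading for an audit.
        account_allows = account.get("allowBlobPublicAccess") is not False
        for container in account.get("containers", []):
            level = (container.get("properties") or {}).get("publicAccess")
            if level not in SEVERITY:
                continue  # private container, nothing to report
            if account_allows:
                status, detail = "EXPOSED", SEVERITY[level]
            else:
                # The account-level switch overrides the container ACL, but the
                # ACL is still there and takes effect if the switch is flipped.
                status = "LATENT"
                detail = "blocked by the account setting, exposed if it is re-enabled"
            findings.append((account["name"], container["name"], status, detail))
    return findings

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print("{:18} {:18} {:8} {}".format(*row))
```
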


Kyanar
4089 posts

Uber Geek

ID Verified
Trusted

  #2965075 9-Sep-2022 12:21

It also turns out Christchurch City Council has form for inappropriate storage of documents leading to disclosure.


 
 
 
 

Handle9
11386 posts

Uber Geek

Trusted
Lifetime subscriber

  #2965143 9-Sep-2022 15:37

MikeAqua:

If you have a low-trust culture you might want to audit cashiers, to ensure the discount is not being given to people it shouldn't.  Personally I wouldn't bother auditing anything for a $4 discount.  I would just trust my team.



It’s a public entity so they need an audit trail otherwise clowns like the publicly funded taxpayers union start going off their head.
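The audit trail asked for here and the "flag as verified upon sighting" approach suggested earlier in the thread can coexist: the record can state who sighted which kind of document and when, without keeping the document. A sketch of that, as an added example that is not part of the thread and not the council's system; every field name, identifier and the demo key are hypothetical.

```python
import hashlib, hmac, json
from datetime import date

AUDIT_KEY = b"constructed-demo-key"  # assumption: a real key would live in a secrets manager

def _mac(prev_mac, body):
    # Each entry's MAC covers the previous MAC, so edits or deletions break the chain.
    msg = prev_mac.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(AUDIT_KEY, msg, hashlib.sha256).hexdigest()

def record_sighting(log, member_id, doc_type, staff_id, sighted_on, valid_until):
    """Append an attestation that proof was sighted. No copy, image or document number is kept."""
    body = {"member_id": member_id, "doc_type": doc_type, "staff_id": staff_id,
            "sighted_on": sighted_on.isoformat(), "valid_until": valid_until.isoformat()}
    prev = log[-1]["mac"] if log else ""
    log.append({"body": body, "mac": _mac(prev, body)})

def chain_intact(log):
    """Recompute every MAC in order; False means an entry was altered, removed or reordered."""
    prev = ""
    for entry in log:
        if not hmac.compare_digest(entry["mac"], _mac(prev, entry["body"])):
            return False
        prev = entry["mac"]
    return True

def discount_justified(log, member_id, sale_date):
    """Auditor's question: was residency attested and still current on the sale date?"""
    day = sale_date.isoformat()  # ISO dates compare correctly as strings
    return any(e["body"]["member_id"] == member_id
               and e["body"]["sighted_on"] <= day <= e["body"]["valid_until"]
               for e in log)

if __name__ == "__main__":
    log = []
    record_sighting(log, "M-1001", "utility_bill", "staff-07", date(2022, 3, 1), date(2023, 3, 1))
    print(chain_intact(log), discount_justified(log, "M-1001", date(2022, 9, 8)))
```

If this log leaks, it discloses that a member showed a utility bill on a given day, not the bill itself.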

MikeAqua
7779 posts

Uber Geek


  #2966028 12-Sep-2022 09:42

Handle9:

It’s a public entity so they need an audit trail otherwise clowns like the publicly funded taxpayers union start going off their head.

 

It's a public entity so they WANT an audit trail, because no-one has the intestinal fortitude to stand up to whoever is going off their head about something so immaterial and say: -

 

"the locals' discount is nickel and dime stuff, it's not worth auditing and we're not going to".

 

Even better call those critics out for what they're doing which is leveraging people's petty tribal inclinations. 

 

An even wiser decision would have been not to have two prices in the first place.  That was probably a concession to some group of axe-grinders in the first place.  I've been to those pools as an out of towner.  I didn't even know there was a locals' price.  It's a great facility and we really enjoyed it.  We bought lunch, had a couple of beers and some ice creams in New Brighton and did a little shopping too.  If the council had gotten $8 less out of us it wouldn't have really mattered.

 

 

 

 





Mike

