Geekzone: technology news, blogs, forums




528 posts

Ultimate Geek

Trusted

# 261534 2-Dec-2019 15:24

https://i.stuff.co.nz/national/politics/117596483/privacy-breach-has-police-shut-down-gun-buyback-website

Police have shut down the firearm buyback registration platform after the details of over 37,000 owners have potentially been made publicly available.

Info includes licence details, their firearms, addresses, bank details and phone numbers.

Scary for those who have done the right thing and registered their details and firearms.

3452 posts

Uber Geek


  # 2364926 2-Dec-2019 15:36

I know a few gunslingers starting to stand out (abusing 'system', and government incompetence and so on and so on - almost falling into stereotypes they are hard against/fight to say they are not). Naturally they've all jumped on this as more fuel to that fire.

 

Guess someone will have to answer as to why the info wasn't segregated off. Would have had a red target painted on it and be a matter of time given that there would be groups targeting it for a way in. Especially with the early campaigns with US influence from early on. And of course the scheme just had another boost last week on US TV with the Tonight Show NZ PM spot.


5216 posts

Uber Geek

Trusted
Microsoft

  # 2364937 2-Dec-2019 15:57
4 people support this post

It’s not controversial to say it’s incompetence.

Some may say the buyback is a smokescreen to divert attention away from the negligence of the firearms officer that issued the person a license, 5 weeks after arriving in NZ, with no friends or family.


 
 
 
 




528 posts

Ultimate Geek

Trusted

  # 2364939 2-Dec-2019 15:59

That would be a politics discussion and not really appropriate for a discussion about the data breach.

3509 posts

Uber Geek

Trusted

  # 2364967 2-Dec-2019 16:56
2 people support this post

Not at all surprising. Was seemingly good politics to have a rushed process about the new legislation and yet another failure as a result. Further bad downstream effects for political theatre.....







1557 posts

Uber Geek

Lifetime subscriber

  # 2364993 2-Dec-2019 18:10
2 people support this post

Our overseas vendor, yada yada yada.

 

Why the hell are they not using locally sourced experience. 

 

Yup complete incompetence especially around something like this. 





Ding Ding Ding Ding Ding : Ice cream man , Ice cream man


dt

553 posts

Ultimate Geek


  # 2365004 2-Dec-2019 18:13

was surprised to see how quickly this had already made international headlines, RT published it earlier in the afternoon 

 

 

 

 


5216 posts

Uber Geek

Trusted
Microsoft

  # 2365011 2-Dec-2019 18:18
2 people support this post

dt:

was surprised to see how quickly this had already made international headlines, RT published it earlier in the afternoon 


 


 



Russian propaganda loves to create divisions, highlight US 2nd Amendment issues, gun control blah blah

 
 
 
 




528 posts

Ultimate Geek

Trusted

  # 2365015 2-Dec-2019 18:28

Nash has claimed that only one person viewed the data.

Colfo claim it was sent screenshots of the data from several of its members.

I don't want to call anyone a liar, but I'm struggling to see how they can both be telling the truth...

18505 posts

Uber Geek

Trusted

  # 2365019 2-Dec-2019 18:33
2 people support this post

Is it the Govt's job to secure the data? It's the IT guys' job. Govt certainly owns the breach but I doubt Twyford looks after it :-)

 

This incompetence is very common. Probably all of the flagship global tech companies have been breached, what happens to them?


807 posts

Ultimate Geek


  # 2365026 2-Dec-2019 18:44
3 people support this post

It's a shame the person who discovered it attempted to make it political (involving Colfo) and possibly exposed others to danger rather than disclosing it to the right people then going public after it was resolved.


2644 posts

Uber Geek

Trusted
Subscriber

  # 2365027 2-Dec-2019 18:45
One person supports this post

JaseNZ:

Our overseas vendor, yada yada yada.


Why the hell are they not using locally sourced experience. 


Yup complete incompetence especially around something like this. 



What does an overseas vendor have to do with competence? There are plenty of Muppets in NZ

1557 posts

Uber Geek

Lifetime subscriber

  # 2365167 2-Dec-2019 20:09

Handle9:
JaseNZ:

 

Our overseas vendor, yada yada yada.

 

 

 

Why the hell are they not using locally sourced experience. 

 

 

 

Yup complete incompetence especially around something like this. 

 



What does an overseas vendor have to do with competence? There are plenty of Muppets in NZ

 

Absolutely but the government might as well pay our own muppets 😀.





Ding Ding Ding Ding Ding : Ice cream man , Ice cream man


'That VDSL Cat'
11324 posts

Uber Geek

Trusted
Spark
Subscriber

  # 2365168 2-Dec-2019 20:17
One person supports this post

JaseNZ:

 

Handle9:
JaseNZ:

 

Our overseas vendor, yada yada yada.

 

 

 

Why the hell are they not using locally sourced experience. 

 

 

 

Yup complete incompetence especially around something like this. 

 



What does an overseas vendor have to do with competence? There are plenty of Muppets in NZ

 

Absolutely but the government might as well pay our own muppets 😀.

 

 

Would not surprise me if there was a project manager or finance person pushing for the cheapest fastest solution.

 

 

 

One of the risks you make when you try to go hard and fast is well, it can get messy...





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


3452 posts

Uber Geek


  # 2365170 2-Dec-2019 20:36

 

We can confirm that a dealer with legitimate access to the online notification platform for the firearm buy-back programme has been able to view details of firearms owners.

 

We were notified of the error this morning when the dealer contacted us.

 

Upon being notified all efforts were made to immediately shut down access to the platform.

 

 

We have been able to identify the error back to an update made by our vendor last week which provided dealers a higher level of access to the notifications database.

 

The update was not authorised by Police.

 

Our investigations have shown only one dealer login has accessed the system since the update.

 

We believe this was an isolated incident and made possible due to human error.

 

The vendor for the online notification platform is German based global software company SAP.

 

The firearms buy-back programme is continuing and we will be using a manual process to manage the return of prohibited firearms.

 

The online notification platform will remain offline until we can be reassured by our vendor that the platform is secure.

 

We take the privacy of the public information we hold seriously and we will undertake our own additional checks to ensure the system is secure before the online notification platform is re-established.

 

We have advised the Office of the Privacy Commissioner and we are working to identify and then notify those whose information has been accessed.

 

——

 

Statement from SAP spokesperson:

 

SAP can confirm it was notified of a security breach to the New Zealand Police gun buy back system this morning.

 

The security breach indicated that a single dealer user had accessed information not intended to its user profile.

 

As soon as the full details of this incident were understood, all user profiles on the system, except for SAP consultants investigating, were locked, and remain so.

 

As part of new features intended for the platform, security profiles were to be updated to allow certain users to be able to create citizens records.

 

A new security profile was incorrectly provisioned to a group of 66 dealer users due to human error by SAP.

 

We unreservedly apologise to New Zealand Police and the citizens of New Zealand for this error.

 

The security of our customers and their data is of absolute priority to us.

 

A full internal investigation is already underway within SAP.

 

We continue to work with and offer our full resources to New Zealand Police to ensure the system is fully secure and up and running again as soon as possible.

 


81 posts

Master Geek


  # 2365244 3-Dec-2019 00:22
3 people support this post

I'm just wondering how much the SAP bill will be by the end of all of this.

