The Government ordered Earthquake Commission (EQC) to shut down all its outgoing IT systems for the purpose of data security after it was hit by an email, sent leaking the private information the second time. The recent data breach is another privacy revelation, happening twice in less than a week for the organisation, after admitting to unintentionally release of the details of 80,000 claimants in its Canterbury Home Repair Programme – described “embarrassing” to this incident. Later, in Parliament it was revealed that a second email was also sent, which included the personal details of the claimants, like their names and bank account details. The email which was sent, as a result of another data breach, contained a spreadsheet file with 2200 names of the claimants and information including money owed in stopped cheques, which totals around $23 million.
Therefore, the Earthquake Minister Mr. Gerry Brownlee in response to the data breach incident, ordered the Earthquake Commission to shut a number of its IT systems down, as well as its external email service and business-to-business (B2B) exchanges. Brownlee also told Colin MacDonald, the Government’s chief information officer to investigate the incident to know what had happened, which remains unaware of the data security.
Brownlee told that he was “deeply distressed and concerned” by the leak occurring twice in a very short span of time, he also said that this data breach may lead to attribute to an IT problem.
“The recipient took the appropriate actions and advised EQC they had received the information in error through EQC’s online complaints process about a month ago,” he said.
Call for action
Earthquake Minister, Brownlee passed an order for EQC to immediately shut down all the external email systems including the IT Department, in order to defend emails from sending or receiving by the organisation. For this, all the business-to-business systems and data exchange activities as well as the accessing into EQC systems by external parties, has also been immediately ceased.
MacDonald has been tasked to investigate the problem and keep an eye on the implementation of a solution. “Mr MacDonald will develop a priority work programme to resolve and manage the issues with EQC’s information systems and bring its processes and procedures up to standard,” said Brownlee.
“I think this is a timely opportunity to draw breath after what has been a very rapid growth for EQC and ensure the privacy New Zealanders have the right to expect from any agency holding private information is offered to them by EQC.”
Privacy data breach ‘staggering’
Later, the Labour MP Lianne Dalziel announced about the data breach during Parliamentary Question Time. She also described the degree of the privacy breaches by EQC to be “staggering”. “This is an absolute scandal and proof that there is a systemic problem with the security of electronic data held by EQC and other agencies across the entire state sector,” she said after Question Time.
“New Zealanders take their privacy very seriously. But this Government has let them down time and time again. We’ve now had major breaches at EQC, ACC, MSD, IRD, Corrections and Novopay. “What will it take for this Government to act? It’s time to stop the flippant responses such as Gerry Brownlee dismissing it as ‘similar to putting the wrong address on an envelope’ and give New Zealanders the confidence they deserve that their information is safe.”
However, the moment topic was being raised in the parliament, Brownlee was banged on her dictum for the late information of the allegations which she had received long ago. “If the member considers this the breach that it appears to be I’m disappointed she didn’t contact my office to let me know that she is now in receipt of people’s private information,” he said in response to her questions. He added that she had time to contact him before the afternoon session began. “I will certainly check it out, and take whatever action is necessary to ensure that EQC does get on top of its system, so this sort of thing doesn’t happen,” he said. This exchange created commotion and jeering in the Parliament House, with some people calling to resign on Brownlee over the leaks happened, and asking the Speaker to call for an order. When a news channel named, ONE News contacted Earthquake Commission, it disagreed to comment on the latest privacy data breach allegation.
How can Alertsec help prevent such data breaches?
Alertsec cloud based information security service provides an easy and convenient way to protect information on your organization’s computers. No server, training or IT knowledge is required as everything is a part of the subscription plan. Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption has the highest security certifications – FIPS, Common Criteria, and BITS.
With Alertsec Xpress there is no impact on the performance of the encrypted computer. The Full Disk Encryption software is very fast and works on-the-fly by encrypting and decryption your files as you access them. Everything on your disk is encrypted, including the operating system and free space.