Privacy breach at Ministry for Culture and Heritage
Manatū Taonga, the Ministry for Culture and Heritage, is investigating a serious digital privacy breach involving the Tuia 250 Voyage trainee programme.
Would-be participants in the programme were asked to present proof of their age, and most supplied scanned copies of driver's licences, passports, student IDs and birth certificates.
Some 373 documents had then been left on an unsecured part of the website since June. A parent of one of the applicants alerted the Ministry to a fraud attempt in which a copy of a driver's licence was used, apparently to buy concert tickets.
The Ministry has shut down the website and alerted all 302 trainees to the issue, advising them to make contact with Ministry officials to determine what to do next about their data.
Chief Executive Bernadette Cavanagh has apologised to all those caught up in the breach.
"I acknowledge that this is completely unacceptable and am using every resource available to me to support them through this issue."
The Ministry has called in an external party to conduct a review to determine what exactly happened.
"Our advice from our security investigators is that this wasn't a targeted attack on the website, but rather an opportunistic finding of information that wasn't as secure as it should have been," says Cavanagh in a written statement.
The Ministry is also in contact with Google and others to remove any cached copies of the site to try to mitigate any further breach.
The breach comes as the government is reviewing the current Privacy Act with a view to tightening up its measures in light of numerous privacy lapses around the world. Part of the new Bill currently includes mandatory reporting requirements but it lacks the teeth of equivalent legislation in other jurisdictions. The largest fine for such a loss in New Zealand under the Bill is $10,000.