Menu
Burglary: Police called in over Commerce Commission data loss

Burglary: Police called in over Commerce Commission data loss

Data loss from a burglary at an external provider may have compromised confidential material

Anna Rawlings (Commerce Commission)

Anna Rawlings (Commerce Commission)

Credit: Supplied

The Commerce Commission is working with Police and taking a range of other actions following the theft of computer equipment containing records of its activities.

The Commission was informed last week that more than 200 meeting and interview transcripts across a range of the Commission’s work were contained on computer equipment stolen in the burglary of an external provider.

The transcripts may date back to early 2016 and contain some confidential information businesses and individuals have provided the Commission. 

The Commission’s own network and systems were not breached. 

The information potentially contained on the stolen computer equipment does not include any documents or general consumer complaints provided to the Commission.
 
Chief executive Adrienne Meikle says the Commission has been in close contact with Police and is confident that every possible action is being taken to locate and recover the stolen equipment.

“We are in the process of contacting those affected to discuss the details of the information potentially compromised," he said. 

Some of the information is subject to a confidentiality order issued by the Commission under section 100 of the Commerce Act. 

"This makes it a criminal offence for any person in possession of the devices or information from the devices to disclose or communicate it to anyone while the orders are in force. We are also exploring other potential legal avenues to help protect the confidentiality of the information,” Meikle said.

 Ccomcom said it will also no longer be using the external provider, which was subject to contractual and confidentiality obligations to ensure that information was stored securely and deleted after use. 

"The provider has informed us it did not meet these obligations," Meikle said.

“While this breach has resulted from criminal activity and our provider failing to meet the obligations we placed on it, it is our job to keep sensitive information safe and we apologise unreservedly to those affected. 

"We acknowledge the distress this incident may cause businesses and individuals who have provided information to us in confidence.” 

Commission Chair Anna Rawlings said two separate independent reviews have been initiated in response to the incident. In addition, the Commission will be contacting its third-party suppliers to seek assurances that they are meeting its expectations in relation to information handling and have systems and processes in place to protect its information.

“Information security is crucial to our role and it is vital that those who interact with us can be confident in our ability to protect confidential and commercially sensitive information," Rawlings said. 

"We have engaged Richard Fowler QC to undertake an independent review of the circumstances that led to this specific incident.

“Separately, we have also engaged KPMG to review our information handling processes, including third-party supplier engagements. These reviews will report directly to me and the Commission Board. We will make the findings public once we have considered them and any recommendations made.”

The Commission said it will not be releasing further details about the burglary, the identity of the external provider or the exact nature of the information that may have been on the stolen equipment.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags data losspoliceCommerce Commission

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments