Menu
SAP unreservedly apologises for NZ gun register privacy breach

SAP unreservedly apologises for NZ gun register privacy breach

Unauthorised upgrade fingered for breach of database

SAP has unreservedly apologised for a privacy breach at NZ Police.

SAP has unreservedly apologised for a privacy breach at NZ Police.

Credit: Photo 102040118 © Josefkubes - Dreamstime.com

An SAP spokesperson has unreserveredly apologised for a privacy breach of the platform being used for New Zealand's firearms buyback .

The company said analysis of the security breach indicated that a single dealer user had accessed information not intended to their user profile.

"As soon as the full details of this incident were understood, all user profiles on the system, except for SAP consultants investigating, were locked, and remain so," the spokesperson said.

As part of new features intended for the platform, security profiles were to be updated to allow certain users to be able to create citizens records.

A new security profile was incorrectly provisioned to a group of 66 dealer users due to human error by SAP.

"We unreservedly apologise to New Zealand Police and the citizens of New Zealand for this error," the SAP spokesperson said.

"The security of our customers and their data is of absolute priority to us. A full internal investigation is already underway within SAP."

Deputy commissioner Mike Clement confirmed a dealer with legitimate access to the online notification platform for the firearm buy-back programme had been able to view details of firearms owners.

Police were notified of the error this morning when the dealer contacted them.

"Upon being notified all efforts were made to immediately shut down access to the platform," Clement said.

"We have been able to identify the error back to an update made by our vendor last week which provided dealers a higher level of access to the notifications database."

The update was not authorised by Police.

Investigations have shown only one dealer login had accessed the system since the update.

"We believe this was an isolated incident and made possible due to human error," Clement said.

"The firearms buy-back programme is continuing and we will be using a manual process to manage the return of prohibited firearms."

The online notification platform will remain offline until Police are reassured by SAP that the platform is secure.

Police have advised the Office of the Privacy Commissioner and we are working to identify and then notify those whose information has been accessed.

SAP won the gig to supply the register in July after the gun buyback was put in place for semi-automatic weapons similar to those used in the Christchurch terror attack.



Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags SAPbuybackfirearmsPolice register

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Show Comments