Thread: Major Data Breach

It’s been reported to appropriate channels. Where privacy issues occur the outcome of the breach is based on whether serious harm could occur to the individuals involved. This is assessed by Privacy Commissioner team.

Originally Posted by sportco62

Colfo need this information , as does ACT party.

This

Curious why would you report this to COLFO?

This example is just another private company doing a shoddy job of its tech and leaking personal information, sadly pretty common within NZ. Countless examples from crap IT to humans sending emails with the wrong attachments or including everyone in the recipient list. NZ has weak laws around privacy and what constitutes sensitive personal data, and especially weak on the penalties that can be applied (or are applied).

Originally Posted by seahunter

Curious why would you report this to COLFO?

This example is just another private company doing a shoddy job of its tech and leaking personal information, sadly pretty common within NZ. Countless examples from crap IT to humans sending emails with the wrong attachments or including everyone in the recipient list. NZ has weak laws around privacy and what constitutes sensitive personal data, and especially weak on the penalties that can be applied (or are applied).

Because COLFO are in a position to ensure this doesnt happen again through publicity by their PR company, plus a few other things that can be done behind the scenes.

I won’t be reporting this to anyone else. The job of Privacy Commissioner is to carry out the educational response to these issues by working with the company. I’m sure the gravity of the situation has been relayed to the company involved and implications for them around prosecution if it ever come to that.
I’m not turning this into a witch hunt or something to be politicised. It is as mentioned above, a private company made a cock up and it is now up to them to respond appropriately once they’ve evaluated the situation with the commissioner.

If COLFO would like to help educate other companies, it is as simple as reaching out and explaining this situation that’s just occurred. I’m not providing any proof as who knows what’ll become of that.

Originally Posted by McNotty

I won’t be reporting this to anyone else. The job of Privacy Commissioner is to carry out the educational response to these issues by working with the company. I’m sure the gravity of the situation has been relayed to the company involved and implications for them around prosecution if it ever come to that.
I’m not turning this into a witch hunt or something to be politicised. It is as mentioned above, a private company made a cock up and it is now up to them to respond appropriately once they’ve evaluated the situation with the commissioner.

If COLFO would like to help educate other companies, it is as simple as reaching out and explaining this situation that’s just occurred. I’m not providing any proof as who knows what’ll become of that.

Good on you mate

Originally Posted by McNotty

I won’t be reporting this to anyone else. The job of Privacy Commissioner is to carry out the educational response to these issues by working with the company. I’m sure the gravity of the situation has been relayed to the company involved and implications for them around prosecution if it ever come to that.
I’m not turning this into a witch hunt or something to be politicised. It is as mentioned above, a private company made a cock up and it is now up to them to respond appropriately once they’ve evaluated the situation with the commissioner.

If COLFO would like to help educate other companies, it is as simple as reaching out and explaining this situation that’s just occurred. I’m not providing any proof as who knows what’ll become of that.

Fuk no, snott the bastards. Inefficiency should be Done away with. Pay the price you yobbos is my motto.

WTF @mods kill this thread and contact police and company. Sorry but why would you make this public, asking for trouble.

Ted6. 5 why WOULDN'T you make it publicly known that there is sensitive data that has been leaked? The data was not shared on here, nor the name of the company or the company directors.

I fail to see anything that has been done wrong. In fact the opposite, as the OP has detailed that the right thing has been done. Others reading this in future will also know what is correct in this situation.

Originally Posted by Ted6. 5

WTF @mods kill this thread and contact police and company. Sorry but why would you make this public, asking for trouble.

The police were notified in the very first instance as soon as I found out. They’ve since been in touch and were hugely thankful.
The company was also contacted immediately and the data was deleted within a few hours and no longer available to the public. If anything, this thread will hopefully highlight the risks with these type of companies holding this data and people can take it upon themselves to ask the questions around their private information and use this as an example.
I understand the reasons for the companies to attain this data as the history of forestry hunting in this country is a shit show in terms of vandalism, poaching, theft plus all the H&S requirements that go with entering a forest.
I hindsight, maybe a public forum wasn’t the best place to start, but we got there in the end.

Glad you found it and not some a hole

Interesting point to note though.... Any pest control company is publicly searchable with the directors private addresses publicly listed.

I have been fighting this for years now asking for my details to be redacted citing the risk of P cat stuff and them outing my storage address. I have spoken with the Firearms Safety Authority, the Privacy Commissioner, the Companies office and ACT. Nicole is the only one who cares and is going to try to push through changes to the companies act to allow redaction.

Everyone else that I spoke to essentially just brushed it off as not their issue, all of this is documented in emails should anything ever happen.

No you cant legally list a PO Box or Lawyers/Accountants addresses either.

@McNotty Do you know if the company concerned has notified those possibly impacted yet?

Originally Posted by Mintie

Interesting point to note though.... Any pest control company is publicly searchable with the directors private addresses publicly listed.

I have been fighting this for years now asking for my details to be redacted citing the risk of P cat stuff and them outing my storage address. I have spoken with the Firearms Safety Authority, the Privacy Commissioner, the Companies office and ACT. Nicole is the only one who cares and is going to try to push through changes to the companies act to allow redaction.

Everyone else that I spoke to essentially just brushed it off as not their issue, all of this is documented in emails should anything ever happen.

No you cant legally list a PO Box or Lawyers/Accountants addresses either.

Same goes for any gun shop, gunsmith, gun supplier, gun part manufacturer etc.

Originally Posted by vulcannz

@McNotty Do you know if the company concerned has notified those possibly impacted yet?

Gidday, I’m unsure.

My family member on there hadn’t been contacted after talking to him in weekend.

I’ve got no idea what PC or police have done. You don’t typically hear back from them if it doesn’t directly affect you.