New Zealand Earthquake Commission Acknowledges Data Breaches
Two breaches in quick succession have led to the shutdown of the EQC's Internet and e-mail systems.
Following a disclosure on March 22nd that a privacy breach at New Zealand's Earthquake Commission (EQC) had exposed the personal information of 9,700 claimants, the EQC has now stated that information was exposed regarding all 83,000 people who filed 98,000 claims following the February 2011 Christchurch earthquake.
The EQC's Web site is currently unavailable, with a statement reading simply, "The Government has requested the Earthquake Commission shut down all its external email systems and Internet while a review of our systems is undertaken."
According to the EQC's initial statement regarding the breach, the information was mistakenly e-mailed to someone outside the EQC who was not the intended recipient.
According to Radio New Zealand, the recipient used the EQC's online complaints system to let them know that he'd received the information. The recipient did apparently agree to destroy the information he'd received, which included claim numbers and street addresses, but not customer names.
"I am really disappointed that this breach has occurred," EQC chief executive Ian Simpson said in a statement. "I apologize unreservedly that private customer information was sent to the wrong person. I want to assure our customers that every effort will be directed at ensuring this doesn't happen again."
Unfortunately, that wasn't the end of it -- yesterday, a second breach was disclosed, in which a spreadsheet containing 2,200 names and other information regarding $23 million in checks was sent to the wrong person. Radio New Zealand reports that Simpson said in response to the second breach, "We moved as quickly as we possibly could to address the issues that came around last week. But clearly, more dramatic steps are required."