3 News reports that the personal information of approximately 3,500 members of the New Zealand Dental Association (NZDA) appears to have been accessible online for more than a year (h/t DataBreaches.net).
A test website built for the organization by an independent contractor in April 2013 included access to an NZDA user database that listed members' names, titles, home addresses, phone numbers, email addresses, user names and passwords.
NZDA CEO Dr. David Cram told 3 News that it's not clear how the test site was made publicly accessible, and has refused to identify the third-party contractor involved. "The best answer I can get at the moment is that maybe an email has at some point been hacked and it's contained the file name," he said. "There's obviously been some underhandedness."
All NZDA user passwords were reset after the breach was discovered by 3 News.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
New Zealand's Office of the Privacy Commissioner has described the breach as "serious," stating, "Whether it breaches any laws depends on why the breach has happened. Under the Privacy Act, agencies have to take reasonable steps to keep information secure."