Data breach after lax New Zealand Transport Agency (NZTA) security
The NZ Transport Agency admits to a technology botch up leaving what was meant to be a highly secure data key wide open.
The transport agency can confirm the Google API was incorrectly left open as part of the Traffic Watcher pre-production set up.
The key is a unique code used to access data from Google’s application programming interface (API), in this case through 2018 and in early 2019. It was used to build Traffic Watcher, an online tool for transport operations centres, maintenance contractors and the police.
Sources familiar with the system said when Traffic Watcher was soft-launched in early 2019 this unique key was hardcoded into it, so those with simple IT skills could view and copy it. Equipped with that key, it was possible to access other API data with billing passed to NZTA.