NZ Incident: Data breach after lax New Zealand Transport Agency (NZTA) security | Stuff.co.nz

Posted by Steven Kirby | Sep 9, 2019 | API Security, Configuration, Data Breach, 🥝 NZ Incidents, Federal Government, New Zealand, Stuff.co.nz | 0 |

Data breach after lax New Zealand Transport Agency (NZTA) security

The NZ Transport Agency admits to a technology botch up leaving what was meant to be a highly secure data key wide open.

The transport agency can confirm the Google API was incorrectly left open as part of the Traffic Watcher pre-production set up.

The key is a unique code used to access data from Google’s application programming interface (API), in this case through 2018 and in early 2019. It was used to build Traffic Watcher, an online tool for transport operations centres, maintenance contractors and the police.

Sources familiar with the system said when Traffic Watcher was soft-launched in early 2019 this unique key was hardcoded into it, so those with simple IT skills could view and copy it. Equipped with that key, it was possible to access other API data with billing passed to NZTA.

Source: Data breach after lax New Zealand Transport Agency (NZTA) security

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

Audit: Australian Senate Estimates reveal 435 Chinese-made surveillance devices found at defence sites
by Steven Kirby on June 4, 2023
Defence Internal Audit Finding 31 May 2023 Australian Senate questioning reveal 435 Chinese-made surveillance devices found at defence sites Defence …
Steven Kirby on LinkedIn: The Essential Eight Cyber Security Guidelines | Microsoft
by Steven Kirby on June 4, 2023
https://lnkd.in/gZAjz-vm
Nivedita Newar on LinkedIn: Mandatory Cyber Incident Reporting Obligation
by Nivedita Newar on June 4, 2023
Awareness Refresher: If you are a cyber security team member in any role working for any of the 13 critical infrastructure sectors under the SOCI Act…
The Essential Eight Cyber Security Guidelines | Microsoft
by Microsoft on June 4, 2023
The Essential Eight cyber security guidelines for business Malicious cyber activity is increasing in frequency, scale, and sophistication throughout …
Breaking Down the Security of Critical Infrastructure Act
by Wouter Veugelen on June 2, 2023
On 17 February 2023, the Critical Infrastructure Risk Management Program (CIRMP) requirements came into effect. The clock is now ticking for more …
An interview with Gilbert Tobin discussing artificial intelligence in Australia
by Gilbert + Tobin on June 2, 2023
...will apply in respect of any personal information or sensitive information (as defined in the Privacy Act) that is ingested in or used by an AI …
Death and digital assets - Decoding digital assets in estate administration
by Ilana Kacev on June 2, 2023
The ever-evolving digital landscape has changed the concept of what an asset is, beyond that of mere physical possessions to now including numerous …
Regulatory focus on combatting scams and strengthening cyber resilience continues
by Kate Hilder on June 2, 2023
We outline the latest announcements from APRA and ASIC As previously reported, following a record year for consumer scam losses, regulators, have …
Services Australia sharing password-crackers with Dept of Education
by Jeremy Nadel on June 2, 2023
Services Australia has provided smartphone-hacking technology to the Department of Education and other unnamed agencies to assist them in …
Toyota does U-turn, confirms thousands of Australian customers hit by latest data breach
on June 1, 2023
A fortnight after its most recent customer data breach in Japan, Toyota Australia has confirmed the details of almost 3000 local owners were exposed …

Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

Featured

Incident: Thousands of identifiable Northern Territory patient health files sent to overseas-based software vendor in government data breach | ABC News (Australia)

Featured

Incident: Drug and alcohol tests of graduate paramedics revealed in Ambulance Victoria data breach | The Guardian

Incident: TechnologyOne investigates 'cyber incident' on M365 system | iTnews

Incident: Crown Princess Mary Cancer Centre in Westmead Hospital in cyber attack, hackers threatening to release stolen data | ABC News (Australia)

Incident: Australian law firm HWL Ebsworth hit by Russian-linked Blackcat ransomware attack | The Guardian

Featured

Audit: Australian Senate Estimates reveals 435 Chinese-made surveillance devices found at defence sites

Featured

Audit: Western Australia Auditor General's Local Government Information Security Audit 2021-22 reports 324 control weaknesses

Audit: Western Australia Auditor General's State Government Information Systems Audit 2021-22

Audit: Queensland Audit Office's State Entities 2022 reports deficiencies in information systems

Audit: Victoria audit warns of weak IT controls in council systems | iTnews

Featured

Quote: Elijah Shaw "In the battle of real world vs..."

Featured

Quote: Kirsten Manthorne "You are an essential ingredient in our ongoing effort to reduce Security Risk.”

Quote: H. Stanley Judd "The ultimate security is your understanding of reality."

Quote: Gilda Radner "There is no real security except for whatever you ..."

Quote: Germaine Greer "Security is when everything is settled, when nothing ..."

NZ Incident: Data breach after lax New Zealand Transport Agency (NZTA) security | Stuff.co.nz

Data breach after lax New Zealand Transport Agency (NZTA) security

The NZ Transport Agency admits to a technology botch up leaving what was meant to be a highly secure data key wide open.