Select Page

NZ Incident: Data breach after lax New Zealand Transport Agency (NZTA) security | Stuff.co.nz

NZ Incident: Data breach after lax New Zealand Transport Agency (NZTA) security | Stuff.co.nz

Data breach after lax New Zealand Transport Agency (NZTA) security

The NZ Transport Agency admits to a technology botch up leaving what was meant to be a highly secure data key wide open.

The transport agency can confirm the Google API was incorrectly left open as part of the Traffic Watcher pre-production set up.

The key is a unique code used to access data from Google’s application programming interface (API), in this case through 2018 and in early 2019. It was used to build Traffic Watcher, an online tool for transport operations centres, maintenance contractors and the police.

Sources familiar with the system said when Traffic Watcher was soft-launched in early 2019 this unique key was hardcoded into it, so those with simple IT skills could view and copy it. Equipped with that key, it was possible to access other API data with billing passed to NZTA.

Source: Data breach after lax New Zealand Transport Agency (NZTA) security

About The Author

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

Receive Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

* indicates required


Shares
Share This