NZ Privacy Breach 3 December 2019. SAP apologises after NZ firearms registry upgrade privacy breach.

Gun buyback site shut down.

Organisation Statement: Privacy breach of online notification platform for firearm buy-back programme
Source: SAP apologises after NZ firearms registry upgrade privacy breach

A systems update by SAP for the cloud platform used by the New Zealand police as part of its government-mandated gun buyback of semi-automatic rifles caused a privacy breach, leading to the entire online system being shut down.

Deputy commissioner Mike Clement said the problem was reported to NZ police by an arms dealer with legitimate access to the firearm buyback site, who was able to view details of gun owners.

Clement said that the system update was not authorised by the police, and lead to arms dealers having a higher level of access to notifications in the registry database than they should have had.

Police said only one dealer logged in after the update, making the breach an isolated incident. The personal details of gun owners, particularly location based data, is regarded as acutely sensitive.