The Arts, Culture and Heritage Ministry suffered two data breaches only days before the Tuia 250 website debacle, National’s Data and Cybersecurity spokesperson Dr Shane Reti says.
In answers to written Parliamentary questions, the Arts, Culture and Heritage Minister confirmed that prior to the Tuia 250 website breach on August 22 – where more than 370 personal documents were compromised – two more breaches were reported, on July 31 and August 21.
One involved a misdirected email. The other resulted from incorrect settings on a database.
“The Tuia 250 website breach alone was unacceptable. Two more data breaches at the same ministry in such a short space of time is not good enough,” Dr Reti says.
“How could the Minister miss two cybersecurity red flags just days before the Tuia 250 data breach?
“We need to know exactly how many people were involved and what data was compromised. If the breaches include sensitive data, such as cell phone numbers for children under 18, then she needs to rethink her position on cybersecurity.
Other documents released to National raise concerns about the Tuia 250 breach.
“The number of people affected is estimated to be 302 but there was an emergency contact list among the data, and these people also had their details compromised,” Dr Reti says.
“It’s also suspicious that the Minister would not answer questions in Parliament about the personal relationship between the Tuia 250 developer and ‘one or more Ministry staff’.
“We know the developer is not on the Ministry’s approved list. This is looking more and more like a mate’s job gone wrong.”