The Firearms Safety Authority faces scrutiny after accidentally leaking details of Auckland firearms owners. In an email to over 100 gun owners, their addresses, including names, were visible in the cc field instead of the bcc section, exposing sensitive information of prominent residents like lawyers, company directors, police officers, and government officials.
Furthermore, the email, sent by the Firearms Safety Authority, raised privacy concerns as it was signed by both NZ police and the new authority responsible for administering the newly launched gun register. The incident was attributed to human error and is being treated as a privacy breach, prompting a review of email processes.
The accidental data leak comes at a critical time, as the firearms registry recently went live amid fears of data safety. Last year, thousands of gun owners’ information was stolen from the old Auckland central police station, sparking concerns about potential burglaries targeting firearms owners. The recent breach heightened anxiety among affected gun owners, one of whom expressed frustration over having his incorrect address shared with 100 unknown recipients.
Superintendent Richard Wilson emphasized that the event was not related to information securely held in the system but rather a human error. The authority plans to contact affected recipients, apologizing for the breach and strengthening email processes.
ACT firearms spokesperson Nicole McKee criticized the police’s inability to keep licensed firearms owners’ data secure, calling the full registration of firearms a wasteful and dangerous exercise. The incident highlights the importance of implementing comprehensive security protocols across all IoT devices, including home fitness gear, to safeguard user information and prevent unauthorized access to enterprise networks.
Network administrators should consider visibility solutions that monitor communications across IoT devices, administering zero-trust access policies to protect against vulnerabilities and potential threats like malware, botnets, and DDoS attacks.
