EQC leaks thousands of private claims details – again
New Zealand’s Earthquake Commission (EQC) apologised today for “unintentionally” sending thousands of private claims details to a customer and their lawyer.
The claimant was only supposed to receive their own claims information, but was sent material relating to 8000 others.
“Unfortunately, a staff member last Thursday failed to follow several key security steps, including well-established password protection of the documents, despite receiving the appropriate training,” CEO Sid Miller said.
A similar incident took place in 2013 when information about 9700 claims was sent out to one individual. CEO at the time Ian Simpson pledged that “every effort will be directed at ensuring this doesn’t happen again”.
EQC says as it took all possible steps to rectify the latest error and contain the information.
The lawyer involved has deleted the documents and EQC is waiting for confirmation from the customer that they have done the same.
“We are also contacting all affected customers to apologise to them and explain the steps we have taken to protect their claims information,” Mr Miller said.
He says he feels “embarrassed and frustrated” as new systems and security measures were put in place after the earlier incident.
“Whilst it is difficult to protect any organisation from human error, the incident demonstrates that our systems, processes and training still require further tightening,” he said.
Mr Miller says a review of EQC systems and processes will be carried out, supported by a privacy expert.
“For the past few years, we have been focused on implementing the feedback from our customers to improve our services, so this human error is a massive blow to all our staff who have been working tirelessly to regain the confidence of the New Zealand public.”