EQC shuts down systems after privacy breaches
New Zealand’s Earthquake Commission (EQC) has been forced into an embarrassing technology shutdown after two privacy breaches.
It comes after Bryan Staples, a loss adjuster and critic of the EQC, received an email with details of 98,000 claims from 83,000 people when his address was added in error.
“They could not have sent it to a worse person,” he told New Zealand media.
In another case an email containing information on cancelled cheques worth $NZ23 million ($18.5 million) was sent to a member of the public.
Last week, a former Earthquake Commission employee was leaked similar information to the database Mr Staples received.
He wishes to remain anonymous, but has announced on his blog he will release individual case details to homeowners who can prove their identities.
About 75 people have been given their details, including the value the EQC has assigned to their claim, New Zealand media reported today.
EQC CEO Ian Simpson has offered to resign but Earthquake Recovery Minister Gerry Brownlee insists he has full confidence in him.
The commission shut its website, email and database over the Easter weekend to check its systems.
Staff can now send and receive emails again, but cannot attach documents to outgoing messages.
Decisions on future email use have yet to be made and the EQC is considering ways to make it more secure, a spokesman told insuranceNEWS.com.au.
The claims management system is working but the EQC says processing and payment will be delayed.
The leaked claims details include home repair cost estimates, which in some cases vary from the actual amounts paid.
Mr Staples has given two examples of clients receiving settlements significantly below the EQC estimate.
The commission says repair cost estimates change over time because initial damage assessments may be broad.
“The EQC must keep this figure confidential to maintain the ‘competitive tension’ in the market that enables us to get quotes that reflect the market,” it said.
The breaches follow a similar leak last year at New Zealand’s Accident Compensation Corporation, when 6748 claimants’ personal details were mistakenly sent to a client in dispute with the body.