New Zealand Transport Agency Loses USB With 1104 employees

Whilst we’re so familiar with cyberattacks and internet-based breaches/thefts, it can be easy to forget security breaches can also include the loss of physical devices. This is exactly what happened to the NZTA(New Zealand Transport Agency). During December of 2018, a USB drive containing the information of 1104 employees of the NTZA went missing somewhere between Auckland and Wellington during a transit procedure.

The information contained within the drive was supposed to serve the purpose

  • Date
  • First name
  • Last name
  • Contact email (NZTA email address)
  • Type of card (NZTA staff member)
  • Lanyard type (12mm black)
  • Card holder type (Single sided)
  • New or replacement card (new)
  • Contractor company if applicable (no content included)
  • Photo attached (Yes or No)
  • Delivery address for ID card (NZTA premises)
  • Further comments (no content included)
  • Signature (no content included)

The fear identity theft looms, but a

Shane Reti, the National’s Data and Cybersecurity spokesman had more than a few things to say in a press release:

“National has received documents which show the huge extent of the breach, cynically released by the Government just before the Christmas holidays…It is hard to believe and completely unacceptable that NZTA would courier staff identity data without password protection and without encryption…NZTA needs to immediately offer all 1104 staff identity theft protection to monitor and protect them if the stolen credentials are used. Email addresses may need to be changed and because photographs were included passport monitoring may also be required…The loss of the data drive is consistent with the cybersecurity laziness this Government has shown as Russian cyberattacks on DHBs, lack of 2-factor-authentication at the Ministry of Health, and now the loss of a data drive with no passwords and no encryption…”

It is still unclear whether the USB device has been found or not. The only clue revealed is it was lost between Auckland and Wellington. Considering how expansive both areas are, this doesn’t narrow down the search much.

 

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil