SAP Blunder Exposes Gun Owners’ Personal Data
SAP has been forced to apologize after an internal error leaked the personal data of tens of thousands of gun owners to dealerships in New Zealand.
The German software giant is supporting a government gun buyback scheme introduced in the wake of the deadly mass shootings in Christchurch earlier this year.
As part of this policy, owners can return their firearms to accredited dealerships as well as police stations, registering their weapons first on a dedicated website.
However, problems with an SAP update appear to have led to highly sensitive details being made accessible to scores of those dealers. It’s thought that they included names, addresses, dates of birth, firearms licence numbers and bank account details — with as many as 38,000 potentially affected.
“As part of new features intended for the platform, security profiles were to be updated to allow certain users to be able to create citizens records,” a reported statement from the firm explained.
“A new security profile was incorrectly provisioned to a group of 66 dealer users due to human error by SAP… We unreservedly apologize to New Zealand Police and the citizens of New Zealand for this error.”
Police have apparently shut down the database temporarily after receiving reports of the privacy snafu from dealers, and will continue to manage the process manually.
Unsurprisingly, gun lobbyists have gone on the offensive.
“It’s a shopping list for criminals,” argued Nicole McKee of the Council of Licensed Firearms Owners, adding that gun owners considering the buyback scheme are “now being told they have to comply with a system that cannot be trusted.”
There are fears that Kiwi gun owners could now have their properties targeted by criminals.
Source: Information Security Magazine