EQC privacy breach
EQC privacy breach
22 Mar 2013
The Earthquake Commission has confirmed a serious privacy breach at the organisation.
This morning information about 9700 claims, including claim numbers and street addresses, was inadvertently sent to one person outside EQC who was not the intended recipient.
The information sent did not include customer names. Most of the information would require knowledge of EQC’s internal workings in order to interpret it.
EQC chief executive Ian Simpson says EQC staff contacted the recipient as soon as the breach was identified. The recipient has agreed to destroy all the information.
“I am really disappointed that this breach has occurred. I apologise unreservedly that private customer information was sent to the wrong person.
“I want to assure our customers that every effort will be directed at ensuring this doesn’t happen again.
“We will begin contacting affected customers from early next week to advise them of the breach.”
Mr Simpson says the breach affects only customers in the EQC Canterbury Home Repair Programme whose repairs are yet to begin.
EQC is consulting with relevant agencies and will be beefing up procedures for encrypting and securely accessing sensitive data and rules for using email to send sensitive documents.
“We will commission an independent review of the breach and take steps from that review to ensure this doesn’t happen again.”
ENDS