Recent events show that SAP implementations could still be vulnerable to certain security issues as German software giant apologises for human error in system leading to gun buy-back data breach.
In an article, Newshub reports that SAP issued its apology to New Zealand data breach that revealed private information such as the gun owner’s name, residence, and firearms.
The data breach occurred during the change in access that was issued to dealers who were going to join. No hacking was involved, but 66 dealers received access to very sensitive information.
Police Minister, Stuart Nash, said that he still has confidence in the buy-back scheme. He also said that there is no need to start again; however, there are already individuals urging him to resign.
In his statement during the post-Cabinet press conference with Prime Minister Jacinda Ardern, Nash said that things are going well.
A dealer informed the police about the breach, and they responded by shutting down the platform, which was used to register firearms. Moving forward, a manual process will be used to manage the return of prohibited firearms.
Deputy Commissioner Mike Clement said that the platform would remain offline for the time being until the vendor can guarantee that it is secure once again.
The police and the Government said that SAP, who supplied the database infrastructure, gave incorrect software permissions to a dealer.
SAP has issued an apology and a statement last Monday afternoon.
A spokesperson explained that part of the new features that were intended for the platform involved the updating of security profiles that will allow certain users to create citizen records. He added that the new security profile was “incorrectly provisioned due to human error by SAP.” He also noted that a full investigation is underway.
The spokesperson added:
“We unreservedly apologise to New Zealand Police and the citizens of New Zealand for this error.”
Ardern explained the reason why dealers had access to the information citing that “the dealers were created as agent authorities that could be part of the buy-back process. He emphasised that access was deliberately provided with the intent that it will be used with responsibility.
Ardern explained the reason why dealers had access to the information and said that “the dealers were created as agent authorities that could be part of the buy-back process. He emphasised that the access was deliberately provided with the intent that it will be used with responsibility.
The breach also raised concerns from the firearms community. They specifically pointed out the Government’s plans to introduce a gun register, which is expected to be a part of the second phase of gun law reforms.
Amidst the New Zealand data breach crisis, ACT leader, David Seymour, blames the Police Minister noting that he refused to take responsibility and ultimately blamed the police and a software provider.
Firearms owners also shared their sentiments about the breach noting how most of them handed their guns following the announcement of the ban to ensure the safety of New Zealand; however, they are now worried about their security being compromised.
Meanwhile, Nash added that the Government was able to take out around 43,000 firearms, noting that the majority of the firearms are categorised as the type that is used to kill people and not primarily for hunting.