The Earthquake Commission (EQC) has issued an apology after a data breach, which involved around 8,000 customers’ claims information being leaked to one of its customers and their lawyer.
In a statement posted on the EQC website, chief executive Sid Miller said the information was provided to a customer, who was supposed to only gain access to their own claims details. This was despite EQC having multi-layered security measures to protect the information about its customers.
“Unfortunately, a staff member last Thursday failed to follow several key security steps, including well-established password protection of the documents, despite receiving the appropriate training,” Miller said.
According to the statement, as soon as EQC became aware of the breach, it took all possible steps to rectify the error and contain the information. The lawyer involved has deleted the documents and EQC is waiting for confirmation from the customer that they have done the same.
“We are also contacting all affected customers to apologise to them and explain the steps we have taken to protect their claims information,” said Miller, who added that he feels “embarrassed and frustrated” as this is not the first time an incident of this kind has occurred.
“The incident demonstrates that our systems, processes and training still require further tightening,” he said.
The EQC, with the support of a privacy expert, has launched a review into its systems and processes around the handling of customer information. The company will take steps to further reduce the chance of human errors and will ensure its staff get further training and follow proper security protocols.