Data breach after lax NZTA security
Stuff.co.nz - Tue 10 Sep 03:59 GMT

NZ Transport Agency admits to a technology botch up leaving what was meant to be a highly secure data key wide open.

  The New Zealand Transport Agency (NZTA) has admitted to a technology botch up leaving what was meant to be a highly secure data key wide open.

  "The transport agency can confirm the Google API was incorrectly left open as part of the Traffic Watcher pre-production set up," NZTA said in statement.

  Equipped with that key, it was possible to access other API data with billing passed to NZTA.

  READ MORE: * Whistleblowing blues – NZ Transport Agency staff scared to speak up about management problems * Damning report canes Transport Agency team for "weak" and "lax" financial management * NZTA calls in auditors to investigate its Connected Journeys unit * Alison Mau: A lax NZTA culture has allowed dangerous practices to flourish * Google hid Google+ security flaw that exposed users’ personal information NZTA denied the bungle cost taxpayers but admitted it did not keep track of such expenses.

  "There was one known attempt by a contractor to use this API, which Google shut down as part of their management and security processes, and so stopped access," NZTA said in a statement.

  The agency denies this: "At no time has NZTA faced increased costs over its licenced amounts for access through Traffic Watcher, nor has the agency incurred any additional costs as a result."

  Transport Minister Phil Twyford's office said he was made aware of the Traffic Watcher app, and the costs and problems at Connected Journeys, as part of the July review.