The New Zealand Transport Agency (NZTA) has admitted to a technology botch up leaving what was meant to be a highly secure data key wide open.
"The transport agency can confirm the Google API was incorrectly left open as part of the Traffic Watcher pre-production set up," NZTA said in statement.
Equipped with that key, it was possible to access other API data with billing passed to NZTA.
READ MORE: * Whistleblowing blues – NZ Transport Agency staff scared to speak up about management problems * Damning report canes Transport Agency team for "weak" and "lax" financial management * NZTA calls in auditors to investigate its Connected Journeys unit * Alison Mau: A lax NZTA culture has allowed dangerous practices to flourish * Google hid Google+ security flaw that exposed users’ personal information NZTA denied the bungle cost taxpayers but admitted it did not keep track of such expenses.
"There was one known attempt by a contractor to use this API, which Google shut down as part of their management and security processes, and so stopped access," NZTA said in a statement.
The agency denies this: "At no time has NZTA faced increased costs over its licenced amounts for access through Traffic Watcher, nor has the agency incurred any additional costs as a result."
Transport Minister Phil Twyford's office said he was made aware of the Traffic Watcher app, and the costs and problems at Connected Journeys, as part of the July review.