DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Commentary: ACC caught out in another privacy breach

Posted on March 24, 2012 by Dissent

It just goes from bad to worse at ACC (the Accident Compensation Corporation), it seems.  I had previously noted reports of a serious breach involving thousands of individuals’ claims.  Since the initial reports, more details have emerged that have made waves, but this newest report will have some just wanting to shut ACC down altogether.  From TVNZ:

 

The latest breach came about when ACC claimant Garth Paul asked to see his file – he had to make repeated requests to get the file as ACC sent only some documents. In the end, ACC sent him a file belonging to a different person.

Paul advised ACC it had sent him another person’s file, but did not reveal whose it was. He did however contact the man whose file was sent out.

The Sunday Star-Times has spoken to that man. We are not naming him to protect his privacy. “I was so angry when I found out. But it’s typical behaviour of ACC,” he said. “I said to him [Garth Paul], hang on to it [the file], use it to show what they’re like.”

He and Paul say ACC’s systems are so bad the case managers cannot work out whose file they breached and have yet to contact the client to let him know his file was wrongly sent out and apologise.

If it were not for Paul contacting him, he would be unaware of the error.

Okay, you’re thinking, we’ve seen that type of mailing error before many, many times…. from all over the world.  But that’s just the latest in what now appear to be a string of privacy screw-ups failures.

Dunedin ACC client Bruce Van Essen has had an ongoing battle over breaches of his privacy. He says the ACC computer storage of clients’ confidential medical records is so primitive the records can be viewed by virtually every employee from a mailroom assistant up. Van Essen found his ACC files had been accessed 2800 times since 2006 – a figure he said could not be justified by everyday claims management. Pullar said her file had been accessed 2000 times over three-and-a-half years by a total of 137 people.

Helping fan the flames, the media got some actual data:

The Sunday Star-Times found the privacy commissioner received 61 privacy complaints about ACC in the last year. Of those, 15 were found to have substance and were subsequently settled. One has been referred to the director of Human Rights Proceedings, who will decide if it will go to a tribunal hearing. The figures show ACC privacy concerns are endemic. There were 57 complaints to the commissioner in 2009/10 and 43 in 2008-09.

Read more on TVNZ.

If this makes ACC look bad, it may make the Privacy Commissioner and legislature look even worse. Why have there been no effective controls required or implemented already?

Weak laws? Strengthen them already.

Strong laws? Enforce them already.

But do something effective.

Category: Breach IncidentsExposureMiscellaneousNon-U.S.Of NoteOther

Post navigation

← Norwegian government portal compromises users’ personal information
Skeptical Science hacked, private user details publicly posted online →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
  • Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
  • Vanta bug exposed customers’ data to other customers

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.