POLICE FIREARM DATA BREACH UPDATE #3: IMAGES NOW AVAILABLE
MONDAY 2 DECEMBER 2019
COLFO has released images in which the Police online database revealed full contact and bank details of all 37,125 owners and each of the 280,000 prohibited items they own or owned before hand-in.
The notification system is an online webpage where members of the public notify Police of prohibited firearms or related items they own and intend to hand-in.
Many of the owners would still have the firearms and accessories at their homes when the Police data was publicly accessible.
Multiple licensed owners witnessed the data error, and Police were notified early this morning. Members of the public were still able to log into the notification system until noon.
COLFO Spokesperson Nicole McKee says Government’s planned firearm registry is now doomed.
“Police cannot talk themselves out of the privacy breach like this – the ramifications are too severe.
“Police promised Members of Parliament that data on a firearm registry would be secure. Yet this registry of 280,000 prohibited firearms and accessories was publicly available. That’s what Police said could not happen. It has, and it’s an unmitigated disaster.
“If Parliament still agrees to a register, they are signing off this failure to happen again, but on an even bigger scale – affecting all 250,000 licenced firearm owners.”
Transmission note from Franks Ogilvie:
To whom it may concern
The attached screen shots are examples only of the information that was readily accessible from what was sent to us. We have seen pages of similar numbers and data.
The information was, at our request, sent to us directly by one of the people who drew to COLFO attention the fact that when he logged into the portal to complete a notification, he found he had access to what appeared to be the notifications of an extraordinary number of other notifications.
We know of no reason to mistrust the explanation by the source of how it came to his attention, or any other of his statements.
The accessibility of such information through the portal was separately reported to our clients by others, and we have spoken directly to a person who logged in to verify the ease of access.
Subsequently, another source not known to us, but known to and trusted by a COLFO person who is well known to us reported having accessed the portal for his own notifications, and finding access to 280,000 notifications. His description of the data available is consistent with the example attached to this message.
Screenshots of database breach begin below: