Tens of thousands of New Zealanders may have had their personal data exposed due to an unsecure property management website.
A security flaw on the website of Lambton Property Management (LPM) has meant one overseas tech expert has uncovered more than 30,000 files, including passports and driver's licenses.
Analysts estimate the files could be worth more than $500,000 if sold on the dark web, but Lambton Property Management is confident no one's privacy has been compromised.
“Our priority is assuring our clients that all their data remains completely secure and not been exposed in any way to unauthorised access,” a company statement read.
But Jake Dixon says that’s not strictly true. A tech expert based in Ireland, Mr Dixon spends his time looking for vulnerabilities in websites, which is how he uncovered Lambton Property’s breach.
“This was public data - anyone could've found this as if it's a listing on a website,” Mr Dixon said.
"This is used for utilities - banks across the board - someone doesn't need to forge these if they have the actual document to hand, and unfortunately I believe tens of thousands of New Zealanders are at risk of losing their digital identity.”
The property management company says the issue was fixed on June 11, but people are only just finding out about it one month on.
Reporting such a breach will only become a legal requirement in December.
Former tenant Lizzie Ryan only found out that her data could have been exposed in the Lambton Property breach today.
“Once it's out there it's out there - you can say what you like about them fixing it really quickly - but I mean that's what happens with these leaks - you hear about it after the fact.
Ms Ryan rented a property off of LPM in 2013.
“It's just something I'm going to have to ask going forward, like how do you secure your data, how can we trust that you'll keep it safe.”
SHARE ME