New Zealand / Canterbury

EQC apologises again for delay in contacting homeowners over data leak

18:31 pm on 5 June 2020

Sorry seems to be the hardest word, or so goes the Elton John song. Unless of course, you're the Earthquake Commission.

EQC's boss, Sid Miller, was apologising again today, just a week and a half after saying sorry to 8000 customers for accidentally leaking their personal details to a lawyer and their client.

Homeowners' files were sent in error to a lawyer and their client by an EQC staff member. Photo: RNZ/ Nick Monro

It was Tuesday last week when Miller put out a press release saying he was "embarrassed and frustrated" after a staff member failed to follow several key security steps and accidentally leaked the files.

Details included names, addresses and the amount of money paid out to them by EQC.

Sid Miller Photo: Supplied / ACC

At the time Miller said he was contacting affected customers and apologising for the mistake, promising his organisation would do better in future.

Today Miller had to say sorry, this time for taking until yesterday, two weeks after the breach was first discovered, to finally get around to emailing those affected.

"Look, I apologise to anybody who is frustrated in terms of what has happened here. I'm deeply frustrated and deeply upset about what has happened. We've been working hard as an organisation to make improvements over the last few years and something like this undermines the progress and...the trust you have with your customers."

Since yesterday more than 200 customers had got in touch with EQC about the delay.

He admitted it was unacceptable to keep people hanging for such a long time to find out if their information was among the leaked documents.

"We've had to send a range of emails and actually letters to people. So we had to work through all of that and make sure we were linking the people and the addresses so there is quite a bit of work to do underneath that.

"Has this taken longer than we anticipated or than it should have done? Yes, I accept that we could have done things quicker."

One of those affected, Rose-Marie Spijkerman, said customers should have been communicated with first, instead of having to find out about the breach through the media.

She said an apology was not enough and she would now like to see some financial compensation.

"An apology is an apology and anyone can write an apology and there will be some sincerity behind it, but it doesn't make them financially accountable for these breaches. As soon as they become financially accountable, they will strengthen their security."

Miller said while the lawyer had deleted the files, they had still not been able to confirm if the customer who was sent them had done the same.

Spijkerman said that was a real concern.

"What guarantee is there that the lawyer and whoever it was it was meant to go to has not circulated that information further forward, because the last major breach, [where] 80,000 got caught up, multiple thousands of people had that Excel spreadsheet."