EQC's IT systems frozen

Photo / APN

All emails and information technology systems have been frozen at the Earthquake Commission tonight in a drastic move to stop privacy breaches.

Canterbury Earthquake Recovery Minister Gerry Brownlee put his foot down to stop further privacy breaches, saying he had few alternatives in light of a second privacy breach at EQC.

The rare and firm move came today after it was revealed by the Labour Party in Parliament another claimant was sent private details by EQC.

The latest claimant received an email six weeks ago with an attached spreadsheet with 2200 names, stopped cheque details and claim amounts worth about $23 million.

Mr Brownlee immediately shut down all external emails systems - no emails will go into the organisation and none will be sent out.

He also told EQC to shut down all business-to-businesses systems and data exchanges as well as access to EQC systems by external parties.

The Government's Chief Information Officer Colin MacDonald will oversee an investigation.

"We've stopped the whole system dead in its tracks - that will hold up a lot of claims processing but I think we just have to do it,'' said Mr Brownlee.

The latest breach comes hot on the heels of the revelation EQC mistakenly sent an email with claim status' and private details of 83,000 claimants, covering 98,000 claims to a former EQC contractor Bryan Staples.

Mr Brownlee admitted the claimant who received the latest set of information and emailed EQC had "not been seen by EQC, or not acted on''.

"It may be that it was caught up in a systems failure in EQC's computer network.

"The recipient took the appropriate actions and advised EQC they had received the information in error through EQC's online complaints process about a month ago.

"Some systems may come back to use progressively depending on the extent of issues that may be found.''

Mr Brownlee said this breach was of more concern as it was the entire database of stopped cheques and he wanted to know exactly how that occurred.

He said given the stress that people in Christchurch had been through it was unreasonable to have the added worry their personal details had been released.

"I'm deeply sorry, I couldn't be more sorry about this.''

No heads will roll despite EQC chief executive Ian Simpson volunteering to resign earlier in the week after the first privacy breach.

"It's easy to say let's go and chop a few heads off and look like we're really doing a good job - we won't have done a good job until we've got a high degree of comfort about the systems operating in EQC.''

Mr Simpson said he was "devastated'' by the news and the latest known breach required more drastic steps.

Labour's earthquake commission spokeswoman Lianne Dalziel said it was an "absolute scandal'' and proof of a systemic problem with security and electronic data held by EQC and other agencies across the state sector.

"We've now had major breaches at EQC, ACC, MSD, IRD, Corrections and Novopay''.