#Privacy: SAP apologies after personal data of gun owners exposed

The personal data of almost 38,000 gun owners has been leaked to dealerships, subsequently forcing the German software giant SAP to apologise.

Shortly after the Christchurch shootings earlier this year, a government gun buyback scheme was introduced, which SAP is supporting. The scheme allows owners to return their firearms to dealerships and police stations having registered their weapons on a specific website. 

However, due to an SAP update issue, the personal data of gun owners has been made accessible to dealers.

Exposed information include names, addresses, dates of birth, firearms, licence numbers and bank account details. It is estimated that as many as 38,000 gun owners may have been impacted. 

One firearms dealer contacted the police about the breach, leading to the platform being shut down shortly after. The platform will remain offline until the security has been shored up.

In a statement released today, a spokesperson from SAP said:

“As part of new features intended for their platform, security profiles were to be updated to allow certain users to be able to create citizen records.

“A new security profile was incorrectly provisioned to a group of 66 dealer users due to human error by SAP…We unreservedly apologise to New Zealand Police and the citizens of New Zealand for this error.”

The breach has, of course, raised concerns from within the firearms community and by gun lobbyists. 

Nicole McKee of the Council of Licensed Firearms Owners, explained that data is a “shopping list for criminals”. 

It is feared that gun owners could now be targeted by criminals. ACT leader David Seymour placed blame on the Police Minister stating:

“The Police Minister refused to take responsibility, instead blaming police and a software provider. It is difficult to imagine how the Government could screw up worse, seriously endangering thousands of New Zealanders from a project designed to protect public safety.

“Firearms owners keep quiet about their firearms so bad people don’t know where they are – these idiots in police just told the whole world exactly where they are,” Seymour added.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/