By Sanele Chadwick and 3 News online staff
A person involved in uncovering security flaws at the Ministry of Justice says they are not hackers, and Justice Minister Judith Collins has got it wrong.
Ms Collins has defended the organisation, saying there was no real privacy breach – but that's not how the whistleblowers see it.
Three whistleblowers say the Ministry of Justice website is a gateway to screeds of private information. The three, who want to remain anonymous, say they found the flaws using the Tenancy Tribunal's search engine.
"The initial concern was the ability to get that far, being able to list every tenancy tribunal case and getting direct access into the private security, Personnel Licensing Authority information, when you should only be able to search for specific people," they told 3 News.
The Ministry Of Justice was alerted to the flaw, and was also told that members of the public could see passwords for payment gateways.
But Ms Collins insists there was no privacy breach. She compared it to a thief getting in through the front gate of a property but finding the door of the house locked.
But one of the three original whistleblowers was so upset by this, he got in touch with 3 News last night to say that's not the case.
"Judith Collins has said we got in through the front gate to find the door locked. The analogy we'd use is that we found the front door unlocked, but rather than going in to steal anything, we've called our neighbour to let them know."
He says they object to being called hackers, and claims they didn't make full use of the private information available as they didn't want to break the law.
Labour IT spokesperson Clare Curran says Ms Collins is more interested in "protecting her own back than protecting her ministry's website".
"We're now up to I think around 10 agencies, Government ministries, departments, et cetera, that have had quite public breaches in the last 12 months, more every week," she said on Firstline this morning.
"The Government just seems to continue to brush it off or blame the person who's revealed the breach, or who's been involved in the breach. It's just simply not working and it's not good enough."
Ms Curran says the whistleblowers did "the responsible thing" in contacting her about the problem.
"The analogy that was used by the whistleblower was quite right. I think they were being good neighbours and actually wanting to do the right thing. But unfortunately the Government and Judith Collins have reacted in the opposite way."