New Zealand’s high profile gun buyback scheme, enacted by the prime minister, Jacinda Ardern, after the Christchurch mosque attacks, has been thrown into disarray after police admitted that at least one person had been able to access other firearm owners’ personal information online.

The error became public on Monday when a gun lobby group said it had spoken to 15 people who were able to access information on a website where firearms owners registered weapons to be relinquished. It included their names, addresses, dates of birth, firearms licence numbers and bank account details, the group said.

“It’s a shopping list for criminals,” said Nicole McKee, from the Council of Licensed Firearms Owners. She added that gun owners who had not turned in their weapons were “now being told they have to comply with a system that cannot be trusted”.

The website was shut down on Monday morning and would not be used until the police could guarantee the safety of information, officers said.

Ardern won global praise when she announced six days after a gunman stormed two mosques in Christchurch, killing 51 Muslim worshippers, that the government would ban all the weapons used in the attacks. Less than a month later, a law prohibiting ownership of most semiautomatic weapons passed New Zealand’s parliament by 119 votes to one.

Since the law change, New Zealand’s police have operated a buyback and amnesty scheme for now illegal weapons, magazines and parts which was due to finish in less than three weeks, on 20 December, at which point owners would be prosecuted for possessing them.

On Monday New Zealand’s deputy police commissioner, Mike Clement, said an update on the buyback scheme’s website last week had caused personal information to be revealed more widely than it should have been. He blamed the software provider, the German company SAP, for what he called “human error”.

The site was custom-built for the gun buyback.

Clement said officers knew of only one person, a gun dealer, who had received access to the information. Gun dealers have been permitted to act as collection agents for the buyback scheme for weapons owners who did not want to attend public events run by the police.

But Clement said the dealer should not have been able to view so much detail, and the software update was “not authorised” by the police. The person who had accessed it had done nothing wrong, he said.

“This is a timely reminder to us all that we have to be particularly secure with people’s personal information,” he said, adding that the police had not done anything wrong either.

SAP was “working through their audit logs” to find out what information had been accessed. Clement said sharing personal information accessed through the site would be illegal.

“We’re pretty disappointed about this,” the police minister, Stuart Nash, said. He would wait until he learned more about what had happened before he commented on whether anyone should be censured.

Nash said the buyback had so far collected 43,000 weapons, most of them being “the type of firearms that are used to kill people”.

A second tranche of gun reforms before parliament would introduce a guns register – New Zealand issues permits to firearms owners rather than their weapons – and strengthen police powers to prevent certain people from gaining licences.

McKee defended the group’s decision to make the breach public, saying the revelations showed the buyback process had been “rushed”. Her organisation had published screenshots of what the person had accessed, with identifying details removed.

“We thought that it was imperative that we get the information out to the 38,000 people that their information had been compromised,” she said. “That has to outweigh the possibility of getting more firearms in.”

Clement could not “offer an absolute iron-clad guarantee” that private information had not been misused, but he would investigate what had happened.



