mask.of.sanity writes "Kiwis could have their names, addresses, dates of birth and phone numbers exposed by flaws in the Christchurch public transport system that could also allow locals to travel on buses for free. The flaws in the MiFare Classic system allow anyone to add limitless funds to their transport cards and also buy cheap grey market cards and add them to the system. The website fails to check users meaning attackers could look up details of residents and opens the potential for someone to write a script and erase all cards in existence. Several flaws have been known to the operator since 2009." There are two sets of problems: their website is not adequately secured, allowing identity harvesting attacks, and the transit cards themselves are easy to forge.