Who: The New Zealand Transport Agency

How Many Records: 900

Date: 4 Feb 2019

What Happened: Private email addresses were accidentally released in a mass email.

How did it happen: In a case of human error private email addresses were accidentally released in a mass traffic update email.

Outcome: a broadcast email was a “cybersecurity 101” failure, and many sensible organisations have filters that check exactly this sort of thing. The agency takes any breach of privacy “very seriously” and we regret that this has occurred and steps have been taken to ensure that it is not repeated, including requiring an additional review step before the distribution of such updates. While there may be a possibility of harm to an individual resulting from this breach, it is also at the low end of probability. NZTA also launched its own internal investigation. That investigation has finished and an NZTA spokesman said the report, and its recommendations, would be finalised soon.