Photo: RNZ / Dom Thomas
A privacy breach exposed the details of nearly 1000 people in a Transport Agency database over the course of 12 months.
The agency said the breach was suspected to have resulted in at least 13 vehicles being targeted for theft.
It admitted the problem to RNZ after one of the people affected contacted RNZ.
The agency said the problem involved the agency's Motochek system, which allowed registered users to electronically access information held on the Motor Vehicle Register.
"NZTA became aware of the breach in May 2025, via a customer complaint and through police as a part of an ongoing investigation. We determined that the unauthorised access resulted from the Motocheck account of an ex-employee of Auckland Auto Collections Ltd being used to access people's names and addresses from the MVR," it said in a statement.
"To date we have determined that names and addresses of 951 people were accessed improperly over the 12 months to May 2025, and that at least 13 of these vehicles are suspected to have been targeted for theft."
The agency said it was contacting potentially affected people to advise them of the breach, update them on actions being taken to address the situation, and to provide support and advice to address their concerns.
"We have sincerely apologised to those affected for the inconvenience and distress caused by the breach," it said.
NZTA said it was also assisting police with their investigations of the breach and vehicles which might have been targeted for theft.
It had also notified the Office of the Privacy Commissioner.
NZTA said it had systems and processes to protect peoples' privacy, including the terms and conditions which authorised users were expected to meet if they accessed the register.
"Work is underway to improve the protection of personal information within our registers, with a priority to address risks of harm. This work will involve improvements across policy, contractual, operational and digital aspects of register access," it said.
A person affected by the breach was told in a message from NZTA that their full name and address were accessed last year.
"We have been unable to confirm the reason why your name and address was accessed. If you feel that your personal safety is at risk, we encourage you to contact NZ Police directly," the message said.
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
