NZ Transport Agency Waka Kotahi (NZTA) is contacting 1,480 individuals to advise that their personal information held on the Driver Licence Register (DLR) or Motor Vehicle Register (MVR) has been illegally accessed.
The information accessed includes customers’ full name and address, or the status, conditions and endorsements on their driver licences.
NZTA was advised in late March that a motor vehicle trader with authorised access to the DLR and the MVR had their account compromised. NZTA has been investigating to ascertain the scale and nature of the breach and is now contacting all potentially affected individuals with advice on how they may be affected, what support is available and what if any action they should take. We have also notified the New Zealand Police and the Office of the Privacy Commissioner.
While NZTA is not able to provide further comment or release detailed information while investigations into the illegally accessed information are ongoing, we can confirm that the illegally accessed information was gained through MotorWeb, a third-party on-line portal, after the identity of a motor vehicle trader and its staff was used to create a fraudulent account to access information held on the MVR and DLR. MotorWeb immediately cancelled the account when they discovered its existence and advised NZTA of the privacy breach.
“We take our responsibilities for the protection of personal information extremely seriously, and we apologise to the individuals affected by this incident and for any inconvenience or distress it has caused,” says Brent Alderton, NZTA Group Manager Regulatory.
“NZTA already had work underway to improve privacy protection, and following this incident we have focussed specifically on reviewing the third-party access to our systems to strengthen the protection of the information we hold. MotorWeb and the motor vehicle trader are both assisting NZTA with our investigation.”