The New Zealand Nurses Organisation is blaming ‘human error’ for a privacy breach which saw personal details of all its members’ sent to a Yahoo email address.
An email containing members’ first and last name plus their email addresses was sent in response to a ‘phishing email’ received by the organisation on Tuesday. No other information was breached.
‘Phishing emails’ are emails which deceive recipients into believing they are responding to a legitimate request. They can look believable as they often appear to be sent from a person or an organisation that’s known to the recipient.
In an email sent to members, NZNO acting chief executive Jane MacGeorge apologises on behalf of the organisation saying ‘human error’ is to blame.
“We ask you to please be extra vigilant if you receive requests for information by email, in particular from Yahoo addresses in case they are SPAM.
“I have sought advice from the Office of the Privacy Commissioner about this unfortunate breach of privacy. NZNO is following their guidelines to contain and manage this breach.”
Following Tuesday’s breach, the NZNO has lodged a complaint to Yahoo, notified the Department of Internal Affairs’ Anti-Spam team so they can investigate the breach, and lodged a complaint about the scam with NetSafe.
The NZNO Board has also been informed, while staff have also been asked to remain vigilant of any other phishing emails sent to the organisation.
“Once again we apologise for this and would like to reassure you that NZNO is taking steps to prevent this from happening again,” says Jane.
The NZNO is now working with national identity and cyber support service ID Care who have prepared a plan in response to Tuesday’s breach.
In a statement published to its website, IDCARE says it’s engaged with the NZNO to understand the nature of what’s occurred, how it occurred, and is undertaking a preliminary assessment of the likely impact to the organisation and its members.
“After speaking with the NZNO on [November 1, 2016], IDCARE’s preliminary assessment indicates the likelihood of future direct misuse to its members is low.
“In other words, it’s not likely that cybercriminals that obtain name and email address only can directly commit identity theft against individuals without more information, such as NZ Transport Driver Licence number or NZ Passport number.”
But the organisation is warning NZNO members to be extra vigilant as the number of phishing emails sent to them may increase as a result of the breach.
“’Phishing emails’ can look incredibly believable. Be cautious of clicking on links or attachments and do your own research and explore alternative contact methods for the sender. Check the email address to see whether it is an email address the sender uses.
“Ensure you have anti-virus on all of your Internet enabled devices, including your phone. The brand/operating system doesn’t matter, all of your devices should have anti-virus.
“If you are unsure about how to get anti-virus on your phone, simply go to your App Store on your mobile and search for “anti-virus” and go from there,” says IDCARE.
If you are concerns your identification may have been compromised the NZNO is asking members to contact ID Care by calling 0800 201 415 or by visiting: www.idcare.org.au
Members can also contact the NZNO’s membership support centre on 0800 28 38 48 if they have any questions or concerns.
SunLive has sought comment from the New Zealand Nurses Organisation and is waiting on its response.