Tens of thousands of emails hacked after nurses union targeted in phishing scam

A person pretending to be chief executive of the New Zealand Nurses Organisation, Memo Musa, extracted the email contact details of some of the union's 47,000 members. Photo / 123rf

Tens of thousands of members of the nurses union have had their email addresses hacked in a phishing scam.

A person pretending to be chief executive of the New Zealand Nurses Organisation, Memo Musa, extracted the email contact details of some of the union's 47,000 members, the NZNO has confirmed.

The data breach was the result of a phishing scam, he said, from a fake Yahoo email address purporting to be from Musa. Tens of thousands of addresses were released to the scammer.

In a statement on its website, the union apologised to members and said it was working to prevent a similar privacy breach in the future.

"On Monday 1 November a person pretending to be the chief executive, Memo Musa, using a fake Yahoo email address, contacted NZNO and requested the email contacts for our members," the statement said.

"Unfortunately this information was released."

The statement from Musa continued: "Member email addresses have been given in error to an unknown person. NZNO apologises for this."

"The Department of Internal Affairs has requested that Yahoo shut this fake email address down.

"We are working with the Office of the Privacy Commissioner to help support members and to mitigate this problem."

The NZNO has also met with the cyber departments of the police, Ministry of Health and Internal Affairs.

"NZNO appreciates your membership and is committed to offering a high standard of service. We sincerely hope you will trust us to do our very best to make sure this doesn't happen again and that we take your privacy very seriously on all matters."

In an earlier statement, acting chief executive of the union Jane MacGeorge said the breach was "very unfortunate and upsetting to members".

"We are advising our members and staff to be vigilant when considering opening any emails from a yahoo address and to question whether an email received from an NZNO address looks correct and to not open any links or attachments if in doubt," she said.

"We have communicated with the chief executives of district health boards and worked with the general practitioner organisation to get communication out to the health sector about this release of email addresses and are advising them to be on alert.

"NZNO is committed to offering a high standard of service to members and is doing its best to make sure this unfortunate error doesn't happen again. It is updating its website with more advice on how to block spam and to be aware of phishing emails."