NZTA investigating privacy breach

The NZTA has announced at least 13 vehicles became the suspected target of thieves after a privacy breach of the motor-vehicle register (MVR) exposed the details of nearly 1,000 people.

The database was breached through the agency’s Motochek system, which allows registered users to electronically access the MVR, reports RNZ.

“NZTA became aware of the breach in May 2025, via a customer complaint and through police as a part of an ongoing investigation,” the agency says in a statement. 

“We determined that the unauthorised access resulted from the Motochek account of an ex-employee of Auckland Auto Collections Ltd being used to access people’s names and addresses from the MVR.

“To date we have determined that names and addresses of 951 people were accessed improperly over the 12 months to May 2025, and that at least 13 of these vehicles are suspected to have been targeted for theft.”

The NZTA adds it is contacting potentially affected people to advise them of the breach, assisting police with their investigations and has notified the Office of the Privacy Commissioner, reports RNZ.

Authorised users must meet certain terms and conditions to be able to access the MVR and the NZTA says work is under way to improve the protection of personal information within its registers.

The latest incident follows a breach last year when an Armstrong’s employee in Christchurch broke privacy rules to access the Motochek website for personal reasons.

In May 2024, the NZTA also contacted 1,480 individuals to advise them personal details on the driver-licence register (DLR) or (MVR) had been illegally accessed after a dealer had their account compromised.