Data breaches at TVNZ

"An email phishing attack on a supplier resulted in a fraudulent invoice being received and paid by TVNZ," the broadcaster admitted. Photo / Wayne Drought

TVNZ has revealed two data security breaches over the past year, including the payment of a "fraudulent invoice" and the distribution of "commercially sensitive data" to external media agencies.

The state broadcaster detailed the incidents in written answers to Parliament's Commerce Committee. "An email phishing attack on a supplier resulted in a fraudulent invoice being received and paid by TVNZ," the broadcaster admitted.

In the second breach, in May this year, a test system accidentally sent commercially sensitive data to external media agencies.

"Changes have been made preventing automatic distribution of emails from this and all other test systems to prevent this happening in the future," TVNZ replied to the committee.

A TVNZ spokeswoman said the first incident was a "supplier issue" that was rectified and there was "no financial impact" to the broadcaster.

The second breach happened when financial statements were incorrectly sent to a client. "We moved, almost immediately, to retract the material," the spokeswoman added.

"We also contacted all impacted parties, apologised and were advised the statements were destroyed. This was an isolated incident."

The broadcaster declined to comment further to the Herald on Sunday.

Martin Cocker, executive director of Netsafe, said the bigger the company, the more vulnerable it can be to data attacks.

"It is not unusual for scammers to target large businesses that transfer a lot of money around to pay bills," he said.

"The scammers issue them spoof invoices from what looks like legitimate sources and take the money for themselves."