Curious, why would you report this to COLFO?
This example is just another private company doing a shoddy job of its tech and leaking personal information, sadly pretty common within NZ. Countless examples from crap IT to humans sending emails with the wrong attachments or including everyone in the recipient list. NZ has weak laws around privacy and what constitutes sensitive personal data, and especially weak on the penalties that can be applied (or are applied).