The staff member who accidentally released New Zealand Nurses Organisation members' personal details believed they were replying to an email sent by the union's chief executive.

An email containing thousands of members' first and last name plus their email addresses was sent in response to a ‘phishing email' received by the NZNO from a fake Yahoo account at about 12pm on Tuesday.

‘Phishing emails' deceive recipients into believing they're replying to legitimate requests and can look believable as they often appear to have been sent by a person or organisation known to the recipient.

The NZNO is the largest trade union for nurses in New Zealand and represents more than 46,000 nurses, midwives, students, kaimahi hauora, health care workers and allied health professionals.

In a statement published to the NZNO website on Wednesday, chief executive Memo Musa confirms the phishing email was designed to look as if it had been sent from his office.

'The letter sent to members [on Tuesday] about email addresses being sent out is correct and authentic. Member email addresses have been given in error to an unknown person,” the statement reads.

'This data breach occurred as a result of a response to a phishing email. Phishing emails are emails that deceive recipients into believing that they are responding to a legitimate request, in this case from the chief executive.”

Since the breach, the NZNO has spoken to the country's 20 district health board chief executives, plus met with police's cyber departments, the Ministry of Health and the Department of Internal Affairs which has requested Yahoo shut the fake email address down.

The union is also working with the Privacy Commissioner to help support members and to mitigate problems.

Communications and media advisor Karen Coltman confirms no other personal information was released during Tuesday's privacy breach.

She says the union has received feedback from members who understood the situation and how it has come about, but there are some who 'don't quite understand what's happened and they don't know if they've been scammed”.

'For us it's about being clear that nothing actually happened other than we released a database that shouldn't have been released.

'It's very unfortunate.”

Karen reiterates the breach was down to 'human error” and phishing email scams can happen to organisations both big and small at any given time.

'We're carrying out an investigation into the incident, clearly we want this to never happen again. So we'll be educating staff and members about phishing and other email scams.”

Karen says the NZNO will be providing up-to-date advice to its members via its website which can be found at: www.nzno.org.nz