Labour is appealing to the privacy commissioner about lists of supporters and donors falling into the hands of a right-wing blogger.
Details of 18,000 people were on the databases downloaded by blogger Cameron Slater, severely embarrassing Labour, which had to email donors and people who had contacted it through its website to apologise for the breach.
Slater has revealed on his blog how he obtained the databases, which appear to have been publicly available and easy to download without needing to hack into the site.
He has threatened to reveal any conflicts of interest, potentially compromising Labour supporters in sensitive positions who have contacted it in support of its Stop Asset Sales campaign and others.
Some of the information downloaded includes lists on which there had been communication on other issues – for example, the increasing cost of early childhood education.
There may be some public servants who also feel compromised by being revealed as Labour Party donors or campaign supporters. But any parents, teachers and others who may have contacted Labour through the site may also be feeling vulnerable.
Party insiders admit some of their supporters are angry at the breach being allowed to occur.
President Moira Coatsworth said the party discovered on Saturday that there had been a potentially "malicious" breach of the database. An investigation revealed within hours that there was a "system vulnerability" that allowed Slater to access the details.
The database included details of several hundred donors but Ms Coatsworth said no credit card details were held on the site.
She accepted that the breach was serious and had apologised "unreservedly" to people whose privacy was breached.
But while it was a "design fault" that led to the breach, Labour believed releasing the information could breach privacy rules and was consulting the privacy commissioner before deciding whether to complain to police.
The affair has echoes of the 2005 release of hundreds of emails belonging to former National leader Don Brash. Police investigated that release and were unable to establish how the documents were obtained.
This time Labour is accusing National of dirty tricks, suggesting it had traced one early download from the database to an internet address belonging to a National Party head office mail server.
National Party president Peter Goodfellow confirmed one of its technical people had accessed the Labour database but denied that anyone had tipped off Slater.
"We haven't passed on any information, certainly haven't done anything with any information from their website, so we didn't tip off Cameron Slater."
The breach has also raised fresh questions about taxpayer funding of party activities after it was revealed staffers paid for by the Parliamentary Service were handling some party queries.
But Labour insisted yesterday one of the staffers concerned was paid a part-time salary by the Labour Party as well as the Parliamentary Service.
The Parliamentary Service has confirmed that it is talking to some people to ensure they are not breaking the rules by doing party work on parliamentary time, but it has refused to say which party is involved.
Should the speed limit be raised to 110kmh on some roads?Related story: 110kmh limit moves closer