Labour says revelations Foreign Affairs Minister McCully's email account was hacked into is a wake-up call and raises serious questions about what was sent to the private address.
The Telecom Xtra account was broken into by international hackers' collective Anonymous, potentially revealing sensitive Cabinet information and cable traffic from foreign posts.
McCully had asked that official emails be forwarded to that account while he was overseas in April last year.
Prime Minister John Key said he was aware of the breach and warned other ministers to be more careful, particularly about passwords.
Labour's information technology spokeswoman Clare Curran said she was "bemused" to learn the minister was having emails forwarded to a private accounts.
"There are questions to be answered."
If it was easier for the minister to access a private account when he was overseas, that was an issue that needed to be addressed by Parliament's information technology department.
But it was concerning if there was another reason, she said.
"What sort of correspondence would be going on between a minister and officials through a private account that wasn't subject to the Official Information Act?"
From time to time the Parliamentary email system was unable to be accessed, Curran said.
"(But) given he holds a ministerial position, is it sensible to be using another email account which is so obviously that you're a minister?"
Labour's foreign affairs spokesman - and former foreign affairs minister - Phil Goff said it was unusual to have material sent to a private email address.
It was important foreign affairs briefings be kept confidential.
"If you are in the midst of a visit in a foreign country and you are wanting full and frank advice from your ministry about the nature of events in that country, to have that leaked out could be diplomatically disastrous.
"It could totally undermine the nature of the visit you were having to that country."
The hacking was a "wake-up call" that email correspondence sent to private addresses was not confidential, Goff said.
"Anything an official nature should be going through protected channels."
The Dominion Post has been told the breach was investigated by the Government's security agencies, including the Government Communications and Security Bureau, which were continuing to monitor traffic for any leaked information.
Key could not confirm the bureau was involved but said it was "a reasonable assumption".
He was not aware of what information was accessed, but said "if it was really sensitive it would be out by now".
McCully said the breach took place while he was overseas and the account was closed down. "We discovered it because people started sending out emails from my account."
They had been about "a whole range of things" but mostly making fun at McCully's expense.
"I don't want to be more specific – I don't want to give people ideas."
McCully said there was no access to foreign cables in email form at that time and that Cabinet papers were also delivered in hard copy.
He would go back and check, but his memory was that the emails did not include Cabinet papers and cable traffic or anything that gave cause for concern.
It was just one of several accounts he operated.
"Ninety-five per cent of the stuff that comes through on that account when I am travelling is media stories ... then there's a bit of office administration stuff."
Officials in his office were careful and Foreign Affairs would not normally use that address to forward things to him.
McCully said he had not had an easily hacked password. "Any breach of security is serious. Mr Key made clear his expectations.
"My office and I are [now] more careful about these things."
It is understood questions have been raised about why officials agreed to forward the emails because it put them outside the security blanket around the Government's email system.
But Key's spokesman said there were no protocols that prevented ministers from having emails forwarded to private accounts.
Mark Watts, Telecom's acting head of corporate communications, declined to comment on the breach, saying the company never commented on matters of individual security.
"Telecom takes the security and privacy of our customers' information very seriously and has appropriate checks and systems in place to support this.
"These checks and systems are regularly reviewed," he said.
It is understood the breach came at about the time Anonymous threatened to attack the Parliament website in protest at the copyright law.
There was some discussion inside the Anonymous network about the email breach at the time, but no emails have so far been made public.
Last May Parliament's website was shut down for a morning after a threat by the group.
A member of the group also bragged about hacking a minister's website, but did not mention the email breach.
In recent weeks, the group has launched attacks on a range of sites, including the CIA, the United States Justice Department and the US Copyright Office.
This month Anonymous hackers intercepted and published a conference call between the FBI and Scotland Yard talking about how to deal with hackers.
TELL US MORE
Do you know more about the hacking? Contact Vernon Small.
- © Fairfax NZ News
How important is NZ's anti-nuclear policy to you?Related story: It's all good, just don't mention the nukes