The Ministry of Social Development is investigating how confidential child abuse records ended up in the wrong hands.
Some of those abused while in state care have said when they asked the Ministry to send them their records, they received detailed accounts of abuse that happened to others.
And the lawyer for hundreds of those claimants said the breaches could undermine compensation claims.
One man said he suffered horrific abuse as a 10-year-old living in a state-run children's home in the 1970s.
He received $30,000 through the historic claims process, but he said when he requested his file to build his case in 2011, he was sent information about another man who had the same name.
He said he was given names, addresses and detailed accounts of children as young as six being beaten and covered in bruises - and all because the Ministry did not check his date of birth.
"It wasn't just compromising the confidentiality of the person with pretty much the same name as me, but their entire family. So I know all about their family now."
Radio New Zealand is not naming the man to protect the privacy of the other person involved.
Sonja Cooper, whose firm represented more than 650 clients seeking compensation for historical abuse claims, said the breaches were nothing new.
She said she had also been sent the wrong files, and it was still happening.
"We've been contacted by people who've had mail about other people sent to them. For example just last week we were contacted by somebody going through the fast track process who had someone else's letter in their mail, and we said they should immediately contact the office of the Privacy Commissioner."
Ms Cooper said the information involved in the cases was sensitive, and deeply personal.
She said the privacy breaches threw doubt on the Government's ability to sort through the hundreds of unresolved claims.
"If they are sending out the wrong records, then they may also be reviewing the wrong records when it comes to be making decisions about people's claims, and that's going to be particularly the case where they're not represented."
Netta Christian was raised in state care from 8 months old and also suffered abuse.
She founded a support group for abuse survivors and wrote a book called Stolen Lives about her experience.
Ms Christian said the breaches must date back even further than 2011 - because it happened to her too.
"When I got my file there were five documentations about other people. They were named - there was a letter about a guy. These were other people - I understand that's quite a common occurrence."
The Ministry of Social Development would not be interviewed and said the 2011 breach was dealt with when it happened.
But it conceded a new complaint was received yesterday from an abuse claimant who received someone else's confidential information.
It said it was urgently investigating how the breach happened, had apologised to the people affected and would do what it could to put the situation right.
Privacy Commissioner John Edwards believed it was likely the breach was a result of human error rather than a technical failure.
"I suspected it's sloppiness, I suspect it's human error simply because that's the trend I see in data breach notifications.
"It's far less the high tech failure of some un-updated server than the really basic stuff of failing to look at what you're putting in the envelope."
Mr Edwards hoped the results of the review would be made public so all organisations will be able to learn from it.