New Zealand government compromised in third-party cyber attack
Health and criminal justice departments are among those impacted by the attack
Add bookmark
An IT managed service provider that supports a range of organizations across New Zealand including several within its government has suffered a cyber attack, compromising access to its data and systems.
Those affected by the cyber security incident includes some providers contracted to Te Whatu Ora - Health New Zealand, although health service delivery has not been affected.
The Ministry of Justice was also affected by the third-party data breach and confirmed the cyber attack has impacted access to some coronial data. This allegedly includes thousands of autopsy reports.
In a statement, New Zealand’s National Cyber Security Center (NCSC) said that it is coordinating governmental response to the cyber attack, both within the Government Communication Security Bureau and alongside the New Zealand police, CERT NZ and the Privacy Commissioner.
Lisa Fong, deputy director-general of the NCSC said that the government’s incident response is at an “early stage” and that the NCSC is working with the compromised third party to “understand more fully the nature of the data that has been impacted” and how the cyber attack occurred. She noted that determining the potential harm and scope of the cyber attack, as well as the data accessed during the attack, may take some time.
The NCSC said it has not and will not be publishing any further information about the third party affected, or the potential data breached in the attack to mitigate the chance of “malicious actors...us[ing] public communications to further leverage the incident and cause harm to others”.
The government agencies affected have said they will be reaching out to those they believe have been impacted by the cyber attack in due course, to address the effects of the cyber security incident and provide any support needed.
