Cyber Incident Victim: NZ Uniforms
Date:
Jan 2022
Location:
New Zealand
Summary
NZ Uniforms experienced a ransomware attack by the Conti gang, which temporarily disrupted some systems before operations were restored within 48 hours. The attackers claimed data theft on the dark web, prompting the company to notify authorities of a potential breach as a precaution while forensic analysis continued to assess potential data exfiltration. No ransom was paid or negotiated, and the organization engaged independent experts while following guidance from government cybersecurity agencies to mitigate the incident. The Wellington-based retailer, supplying uniforms nationwide, emphasized minimal customer impact despite the attack’s disruption to its infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
NZ Uniforms, a Wellington-based supplier of uniforms to schools, businesses, and sports clubs with 17 retail locations across New Zealand, experienced a ransomware attack in late January 2022. The Conti ransomware gang publicly claimed responsibility for the breach by posting an advisory on the dark web on January 31, 2022, indicating they had stolen company data. Chief Executive David Bunnell confirmed the cyberattack temporarily disrupted some operational systems, though services were fully restored within 48 hours to minimize customer impact. The company did not engage with the attackers, refused ransom demands, and reported the incident to the Office of the Privacy Commissioner as a precautionary measure despite lacking confirmation of data exfiltration at the time. Forensic analysis to determine the scope of potential data theft was initiated but remained ongoing when reported. NZ Uniforms followed response protocols from Cert NZ and the National Institute of Standards and Technology while collaborating with independent cybersecurity experts during recovery efforts.
The incident marked New Zealand’s first publicly disclosed ransomware attack by a major gang in several months, following a mid-2021 surge in such incidents. Conti, known for targeting Microsoft Windows systems, had executed hundreds of global attacks since 2020. Brett Callow, a threat analyst at Emsisoft, noted the reduced frequency of ransomware gangs publicizing attacks against New Zealand organizations coincided with international law enforcement arrests that increased operational risks for threat actors. NZ Uniforms maintained compliance with mandatory breach reporting requirements under New Zealand’s Privacy Act, which obligates organizations to notify authorities of incidents likely to cause serious harm. The company’s prompt containment limited immediate operational consequences, though potential data compromise remained under investigation. No customer, employee, or supplier data specifics were confirmed as exposed during the initial response phase.