Cyber Incident Victim: Business New Zealand
Date:
Nov 2022
Location:
New Zealand
Summary
A cyberattack targeting IT provider Mercury IT disrupted services for multiple New Zealand organizations, including BusinessNZ, the Wellington Chamber of Commerce, Business Central, the New Zealand Nurses Organisation, the Physiotherapy Board, and health insurer Accuro. Public-facing systems were knocked offline, with websites displaying maintenance messages. While some entities reported no evidence of compromised personal data, others could not rule out potential breaches of sensitive information. Forensic experts and authorities assisted investigations, though the full scope and nature of the attack remained unclear. The incident mirrored broader cybersecurity challenges, including ransomware threats, with affected organizations prioritizing system restoration and impact assessments alongside regulatory notifications.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around November 30, 2022, multiple New Zealand organizations experienced disruptions due to cyberattacks targeting their shared IT infrastructure providers. BusinessNZ, the Wellington Chamber of Commerce, and Business Central had their websites knocked offline, displaying maintenance messages. Their external IT provider, Wellington-based Mercury IT, confirmed it suffered a cyberattack affecting several clients. BusinessNZ spokesman Cal Roberts stated the organizations were working with Mercury IT to investigate the incident, emphasizing their commitment to protecting member information. Early indications suggested only public-facing systems were compromised, with no confirmed access to financial data servers, though a breach of sensitive files remained possible. Mercury IT engaged external specialists and authorities but declined to provide further details through director Corry Tierney.
The incident extended beyond BusinessNZ-affiliated entities. The New Zealand Nurses Organisation (NZNO) reported website downtime caused by a cyberattack on its unnamed IT host, described as a "major international cyber attack." NZNO spokesman Rob Zorn confirmed website data could not be recovered but asserted no personal data was compromised. Similarly, the Physiotherapy Board of New Zealand attributed its system issues to a "large-scale ransomware attack" on its provider, acknowledging potential privacy breaches despite no evidence of published personal details. Health insurer Accuro also disclosed possible customer data exposure after its unnamed IT provider was compromised, limiting phone services and prompting email communications. Accuro CFO Joe Benbow stated no confirmed data compromise but could not rule it out, with forensic investigations ongoing alongside notifications to the Privacy Commissioner. Cybersecurity firm Emsisoft found no evidence of BusinessNZ, Wellington Chamber, or Accuro data on dark web forums as of November 30. The attacks occurred amid broader cyber incidents affecting Pinnacle Midlands Health Network and Waikato DHB, though direct connections between these events were not established in available reports.