Cyber Incident Victim: Vercoe Insurance Brokers
Date:
Mar 2025
Location:
New Zealand
Summary
Vercoe Insurance Brokers reported that its IT systems were compromised by cybercriminals, prompting an external investigation into the full scope and nature of any malicious activity. Access has been restored and systems are back to full operational capacity while security measures are under review, and the company noted the impact on day‑to‑day work for clients has been limited. Ransomware group DragonForce claimed to have exfiltrated more than 60 gigabytes of data, leading the company to notify the Office of the Privacy Commissioner and the Financial Markets Authority and to inform insurer clients and other parties about the ongoing investigation. The firm stated it will notify broker clients if personal information is found to be affected and emphasized its serious response, working with external providers and reviewing its offices in Matamata and Morrinsville on the North Island.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Vercoe Insurance Brokersannounced that its IT systems were recently compromised by cybercriminals, a situation the company described as a recent breach of its technology infrastructure. The broker stated that external experts have been engaged to investigate the full scope and nature of any malicious activity that may have occurred within its networks. According to Vercoe, access to all affected systems has been restored and the systems are now operating at full capacity again. The company indicated that security measures are under review as part of its response to the incident. Vercoe noted that the impact on its ability to conduct day‑to‑day work for clients has been limited, suggesting that core business functions continued despite the breach. The broker expressed gratitude to its external providers for working hard to restore operations and bring the systems back to normal.
On March 5, the ransomware group DragonForce posted a public claim asserting that it had exfiltrated more than sixty gigabytes of data from Vercoe’s systems. Vercoe said it immediately notified the Office of the Privacy Commissioner and the Financial Markets Authority about the incident following the claim. The company explained that the investigation into what specific information was affected is ongoing and has not yet concluded. Vercoe reported that insurer clients and other parties have already been notified of the cyberattack and the associated investigation. The broker stated that should the investigation determine that personal information relating to broker clients has been impacted, it will notify those clients as appropriate. Vercoe emphasized that it is taking the incident extremely seriously and is working hard with its response team to manage the situation.
The company said it is committed to ensuring that its response aligns with best practice standards for handling cybersecurity incidents. Vercoe highlighted that its response team is actively engaged in addressing the breach and coordinating with external experts and regulators. The broker reiterated that it will continue to monitor the investigation and provide further updates if new findings emerge regarding data exposure. Vercoe confirmed that it maintains offices in Matamata and Morrinsville on the North Island of New Zealand, which remain operational despite the cyber incident. The firm concluded that it remains focused on resolving the matter and safeguarding its systems moving forward.