Cyber Incident Victim: New Zealand Ministry of Justice
Date:
Nov 2022
Location:
New Zealand
Summary
A cyber incident involving an external IT service provider compromised access to New Zealand Ministry of Justice coronial data, including transportation records and post-mortem reports, though no direct evidence confirmed data exfiltration. The breach prompted urgent High Court orders to restrict access or dissemination of sensitive information, alongside investigations involving national cybersecurity agencies and law enforcement. Approximately 14,500 transport files and 4,000 post-mortem documents were affected, with contact channels established for potentially impacted individuals while coronial services remained operational. Legal actions emphasized preventing unauthorized disclosure rather than constraining media reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The New Zealand Ministry of Justice disclosed a cyber security incident on November 30, 2022, after being notified that an external IT service provider linked to a third-party contractor had been compromised. This indirect breach impacted access to approximately 14,500 coronial transport files spanning nationwide cases from November 2018 to November 2022, alongside approximately 4,000 post-mortem reports from 11 regional jurisdictions dated March 2020 to November 2022. Initial assessments confirmed no direct infiltration of Ministry systems but acknowledged blocked access to sensitive data, including transportation records of deceased individuals and post-mortem documentation. The Ministry engaged the National Cyber Security Centre (NCSC), Police, CERT NZ, and the Privacy Commissioner to investigate, while emphasizing no conclusive evidence of data exfiltration—though this possibility could not be eliminated.
On December 6, 2022, the Ministry established a dedicated phone line and email channel for concerned citizens, while reiterating operational continuity for coronial services. By December 15, investigations remained ongoing with no new evidence confirming data theft. On December 19, the Ministry and Te Whatu Ora (New Zealand’s health agency) secured an urgent High Court injunction prohibiting access, sharing, or publication of compromised coronial and health data, citing precedents for orders against unknown parties. This legal measure aimed solely to protect affected individuals’ privacy, not to restrict media coverage. On January 18, 2023, the Ministry confirmed threat actors had released non-coronial information on the dark web but affirmed no coronial files—including post-mortem reports or transport records—had been leaked. The High Court’s suppression orders remained active, though the Ministry declined further commentary due to the incident’s sensitivity. Throughout the response, authorities emphasized collaboration with forensic experts and cybersecurity agencies to assess the breach’s scope and origins, while maintaining public assurances about service continuity and investigative diligence.