Cyber Incident Victim: Kiwibank
Date: Sep 2021
Location: New Zealand
Summary
A denial-of-service cyber attack disrupted online services for Kiwibank and ANZ, leaving them inaccessible to many customers, with additional outages reported by NZ Post, MetService, and the Ministry for Primary Industries. The incident prompted government engagement through the cybersecurity agency CERT NZ to assess ongoing impacts, though recovery efforts by the affected financial institutions showed progress during the disruption period.
Description
On September 8, 2021, multiple New Zealand organizations including Kiwibank, ANZ, NZ Post, MetService, and the Ministry for Primary Industries experienced disruptions to their online services due to denial-of-service attacks. The attacks rendered digital platforms inaccessible for many users throughout Wednesday, impacting banking, postal services, weather forecasting, and government primary industry functions. ANZ and Kiwibank specifically faced significant operational challenges as customers reported inability to access online banking services. The incident prompted immediate response efforts from affected organizations to restore functionality, with both banks making measurable recovery progress during the day. Concurrently, other critical national services including NZ Post's tracking systems and MetService's weather updates remained intermittently unavailable, indicating broad targeting of infrastructure.

Digital Economy Minister David Clark confirmed that CERT NZ, New Zealand's national computer emergency response team, had notified him about the coordinated disruptions across multiple entities. By Wednesday afternoon, Clark stated that impact assessment remained ongoing, withholding further commentary until investigations progressed. No attribution for the attacks or specifics about attack vectors were disclosed publicly during the initial response phase. Service restoration efforts continued throughout the incident day, with ANZ and Kiwibank prioritizing recovery of customer-facing banking systems. The disruptions highlighted dependencies on digital infrastructure across the financial, logistics, meteorological, and agricultural sectors. No technical details about any system vulnerabilities exploited were revealed.
