Cyber Incident Victim: Wellington, New Zealand
Date:
Nov 2022
Location:
New Zealand
Summary
A cyber incident involving an external IT service provider compromised access to sensitive New Zealand coronial data managed by the Ministry of Justice and Te Whatu Ora, affecting approximately 14,500 transport records of deceased individuals and 4,000 post-mortem reports spanning multiple regions. While no direct evidence confirmed data exfiltration, authorities could not eliminate the possibility, prompting urgent High Court orders to prohibit access, sharing, or publication of the material. The Ministry collaborated with national cybersecurity agencies, law enforcement, and privacy regulators to investigate the breach, which originated from a third-party supplier’s systems rather than direct targeting of government infrastructure. Support channels were established for potentially affected individuals amid ongoing efforts to assess the full scope and mitigate risks of unauthorized disclosure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Ministry of Justice of New Zealand was informed on November 30, 2022, of a cybersecurity incident involving an external IT services provider linked to a third-party contractor. This incident disrupted access to approximately 14,500 coronial transportation files spanning nationwide cases from November 2018 to November 2022, alongside approximately 4,000 post-mortem reports from regions including Northland, Waikato, Bay of Plenty, Taranaki, Wellington, Horowhenua-Kāpiti, Nelson-Marlborough, Otago, and Southland, covering March 2020 to November 2022. Initial assessments indicated no direct compromise of Ministry systems, and while access to data was blocked, there was no confirmed evidence of data exfiltration at this stage. The Ministry immediately engaged the National Cyber Security Centre (NCSC), Police, CERT NZ, and the Office of the Privacy Commissioner to investigate the scope and origin of the breach. Public notifications on December 6, 2022, advised potentially affected individuals to contact dedicated email and phone support channels established from December 7. Ministry officials emphasized the sensitivity of the data and refrained from detailed public commentary to avoid aiding malicious actors monitoring the situation.
On December 19, 2022, Te Whatu Ora (New Zealand’s health agency) and the Ministry of Justice jointly secured an urgent High Court order prohibiting access, sharing, or publication of the compromised coronial and health information, citing precedents for restraining unknown parties. This legal action aimed solely to prevent distress from potential disclosure of private data, not to limit media reporting. By January 18, 2023, the perpetrators released non-coronial information on the dark web, though the Ministry confirmed no coronial files—including post-mortem reports or transport details—were among the leaked materials. Ongoing investigations by NCSC, Police, and CERT NZ continued, with the Ministry maintaining operational coronial services throughout. The incident’s origin remained undisclosed due to the active inquiry, and public updates stressed collaboration with cybersecurity experts and adherence to court-mandated protections for affected families.