Cyberhacks: BusinessNZ, Wellington Chamber of Commerce offline in broader attack

Three business organisations have had systems knocked offline after the IT provider they share was hit by a cyber attack.

BusinessNZ’s website was offline this afternoon with an “under maintenance” message, while the Wellington Chamber
of Commerce and its stablemate Business Central had their phone systems on out-of-hours mode.

The Herald understands early indications are that only public-facing channels were involved, not servers containing any financial data. But a breach of sensitive files could not be completely ruled out at this point.

The Herald understands the IT provider is Australian-based MercuryIT. The firm’s managing director Aj Williams was in meetings at the times the Herald called. At press time, the company had yet to respond to questions, including whether it had been the victim of a cyber attack.

The Herald understands that a number of MercuryIT’s other clients have also been affected.

Business NZ spokesman Cal Roberts, speaking on behalf of both his own organisation and Wellington Chamber and Business Central, told the Herald:

“BusinessNZ and Business Central’s external IT infrastructure provider has been the victim of a cyber attack which has affected some of our websites.

“Both BusinessNZ and Business Central take their obligations to protect members’ information seriously. Our current focus is working with our IT provider to investigate and understand the situation further.”

None of the organisations involved would comment further, citing advice from security experts.

Late on Friday, health insurer Accuro said its customer data could have been exposed in a cyber attack.

The Wellington-based firm has around 30,000 customers, chief financial officer Joe Benbow told the Herald.

“Accuro’s external IT infrastructure provider has been the victim of a cyber attack that has prevented access to a number of our core systems,” the firm says in a statement.

Benbow wouldn’t name the provider on Friday, or today.

“At this stage, we have no evidence that any Accuro data has been compromised, but we cannot rule out this possibility,” the CFO said on Friday.

He would not confirm or deny if a ransomware threat was involved.

This afternoon, there was no substantial update. Accuro is still trying to gauge the scope of the attack, and whether sensitive data was exposed.

“Our IT provider is working with their own forensic experts and Government agencies to understand the nature and extent of the impact. We have also notified the relevant regulatory authorities, including the Office of the Privacy Commissioner,” the firm said in a statement.

The company warns its phone service is currently limited and is asking customers to email info@accuro.co.nz instead.

Brett Callow, a threat assessment analyst with NZ-based Emsisoft, told the Herald there were no immediate signs of Accuro customer data for sale on the dark web.

Accuro is the latest provider to be hit after a string of cyber-attacks that included a hack on central North Island provider Pinnacle Midlands Health Network in October and the earlier ransomware attack on the Waikato DHB. Pinnacle updated on Friday afternoon that it is still in the process of trying to identify affected patients.

Across the Tasman, sensitive patient records have started to appear on the dark web after health insurer Medibank refused to pay a US$9.7m cyber ransom.

Pinnacle has refused to confirm or deny if it’s the subject of a cyber ransom demand.