Information gleaned in NZ government contractor hack released on the dark web

Information gleaned in a Russian or Eastern Europe cyberattack, which hit organisations working for Te Whatu Ora Health NZ and the Ministry of Justice, has been released on the dark web.

Some private companies were also targeted in the attacks. The exact nature of information placed on the dark web is not yet known.

In response to questions, Ministry of Justice – Te Tāhū o te Ture acting chief operating officer Jacquelyn Shannon on Tuesday evening confirmed a “development with the recent cybersecurity incident”.

She could not say what had been released. Te Whatu Ora and other major government agencies have been asked if any of their information had been hacked and put on the dark web from this incident.

READ MORE:
* Waikato DHB to tell 4200 people their personal information was disclosed on the dark web, following May cyber attack
* Waikato DHB wins injunction to stop Radio NZ using hacked data
* Waikato DHB cyber breach: expect ‘sensitive personal’ info releases, says privacy boss

“The people responsible for the wider incident have released information not related to coronial on the dark web,’’ Shannon said.

A number of businesses were also hacked. All of them – as well as organisations providing services to Te Whatu Ora and Health NZ – were customers of Wellington information technology firm Mercury IT, itself the victim of a ransomware attack understood to be by a cybercriminal gang known as Lockbit.

The attack is said to involve 14,500 coronial files and 4000 post-mortem reports from those organisations. While some information was previously put for sale on the dark web, for prices from US $99,000 (NZ$157,000) and US $999,999, this is the hacked information itself.

Lockbit formed in 2019 and is thought to be based in Russia or in Eastern Europe.

The Ministry on December 15 confirmed the cyber incident “involving an external company has impacted access to some coronial data”.

They are files from cases from November 2018 through to November 2022.

“The affected files contain sensitive information including the records of the transportation of deceased people and post-mortem files,” the ministry website says.

Four days later, Te Whatu Ora and the Ministry of Justice – Te Tāhū o te Ture got a High Court order preventing people accessing, sharing or publishing confidential and sensitive coronial and health information at the centre of a recent cybersecurity incident.

Shannon on Tuesday confirmed ”no coronial files or information, including post-mortem reports and coronial transport information, have been released or published”.

The sensitive nature of the incident meant Shannon cold not release further information.

Lockbit recently hacked England’s Royal Mail. The Guardian reported that ransomware was inserted into an IT system, which encrypts computers and makes it impossible to access data until a ransom is paid.

The Ministry of Justice would not say if there had been any extortion attempts.