Assessing the top NZ security breaches of 2018

Assessing the top NZ security breaches of 2018

Kiwi businesses now under the security spotlight

New Zealand businesses and individuals continued to fall victim to cyber attacks during the first half of 2018, as security breaches increase across the country.

Following years of end-user indifference - maintaining the belief that ignorance is bliss - the nation is now under threat and in the firing line, as organisations of all shapes and sizes face exposure.

Perhaps for the security specialists up and down the country, this revelation is nothing new, a mere stating of the obvious in a world now dominated by high-profile attacks.

Yet for some reason, the penny has failed to drop among Kiwis, with some mistakenly holding onto the belief that geography still remains the golden saviour from hackers.

Granted, not every breach has been due to a malicious gang of cyber criminals, with human error also playing a factor.

But irrespective of the cause, the end result is a New Zealand now under the security spotlight.

Since January, the Inland Revenue, Z Energy and Vector have fallen victim to media headlines and public scrutiny, not to mention a government minister impersonated via social media.

Added to the global incidents impacting Facebook, Ticketmaster and Ortbiz - not forgetting Meltdown and Spectre - and New Zealand already has a scrapbook of security breaches to browse through.

The year started off with revelations that thousands of Inland Revenue files were locked up after New Zealand's tax department became the target of a crypto-locking attack.

In February, IRD said that in addition to the phishing emails targeting customers, the department also regularly receives phishing emails attempting to obtain money or information or to compromise the Inland Revenue environment.

"In November 2017, a link in a phishing email was clicked on resulting in a cryptolocker malware executing within Inland Revenue which encrypted 3500 files," a statement to Parliament's Finance and Expenditure Committee said.

IRD told Reseller News at the time that the attack occurred in November 2016, not 2017 as it told the committee.

The files were recovered from back-up and no Inland Revenue data was lost or compromised, IRD said in response to questions during the department's annual review.

Less than two months after such revelations, a total of 63,724 people in New Zealand were revealed to be potentially impacted by the Cambridge Analytica data breach, according to figures released by the Office of the Privacy Commissioner.

As reported by Reseller News, the scandal involved the collection of personally identifiable information of up to 87 million Facebook users that Cambridge Analytica began collecting in 2014 - the data was used to influence voter opinion on behalf of politicians who hire them.

Following the breach, Facebook apologised, experienced public outcry and lowered stock prices, calling the way that Cambridge Analytica collected the data as "inappropriate."

At the time of the revelation, New Zealand's privacy commissioner joined international criticism of Facebook, saying the business broke the law by declining a citizen access to personal information held on the accounts of other users.

As the dust settled on the news, in a separate incident involving the social media giant, the government then took the step to urge New Zealanders to report suspicious activity on their Facebook accounts, after digital media minister Clare Curran was targeted by a fake account.

After being impersonated online, Curran said CERT NZ - a national emergency response team - advised the minister to change her password and upgrade protection.

Customer data

Moving away from all things social media however, the next major security incident came in the form of electricity network provider Vector, as revealed in April.

Read more on the next page...

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Brand Post



Channel gathers for Nextgen New Zealand's Summer (Somewhere) Party

Channel gathers for Nextgen New Zealand's Summer (Somewhere) Party

Held in Auckland, Nextgen New Zealand's Summer (Somewhere) Party was an opportunity for celebration with a tangerine taste of summer. Nexgen's channel community seized the opportunity to catch-up with familiar faces and enjoy an in-person gathering.

Channel gathers for Nextgen New Zealand's Summer (Somewhere) Party
Show Comments