The Ministry of Justice has confirmed that a cyber-security attack involving an external company has impacted access to coronial data.

The incident did not target Ministry of Justice systems directly.

The external company affected provides IT services to a third-party provider the Ministry has contracts with.

While the incident is related to an external supplier’s systems, the Ministry of Justice is working with the suppliers and other Government agencies, including the National Cyber Security Centre (NCSC), Office of the Privacy Commissioner, Police, and CERT NZ to understand the extent of the issue.

The Chief Coroner has also been informed.

Ministry of Justice Chief Operating Officer Carl Crafar said, at this stage, it is believed the incident had affected access to approximately 14,500 coronial files relating to the transportation of deceased people, and approximately 4,000 post mortem reports.

The coronial transport files are for cases nationwide from November 2018 through to November 2022.

The post-mortem data relates to files from Northland, Waikato, Bay of Plenty, Taranaki, Wellington, Horowhenua-Kāpiti, Nelson-Marlborough, Otago and Southland from March 2020 to November 2022.

He said while the cyber security incident had blocked access to the data, there was no evidence at this stage that the data had been taken.

However, the Ministry could not rule out that possibility and the incident was being investigated thoroughly by cyber security experts.

“We acknowledge that this incident has affected information that is sensitive. We will continue working to understand the extent of the incident.

“We are conscious that so-called malicious actors behind such activity can monitor public commentary on incidents of this nature so will not be providing more detailed information on our responses at this time.” 

Anyone who thinks they may be affected can email [email protected] or dial 0800 638 924. The 0800 number will be open from Wednesday 7 December between 8.30am to 5.00pm Monday to Friday.

What has happened?

The Ministry of Justice has been informed that a cyber-security incident involving an external company has affected access to some coronial data. The affected files contain sensitive information including the records of the transportation of deceased people and post mortem files.

How many files have been compromised?

At this stage, it is believed the incident has affected access to approximately 14,500 coronial files relating to the transportation of deceased people, and approximately 4,000 post mortem reports.

The coronial transport files are for cases nationwide from November 2018 through to November 2022.

The post-mortem data relates to files from Northland, Waikato, Bay of Plenty, Taranaki, Wellington, Horowhenua-Kāpiti, Nelson-Marlborough, Otago and Southland from March 2020 to November 2022.

When was the Ministry informed about the cyber-security incident?

The Ministry was informed of the incident on Wednesday 30 November 2022 and immediately informed the relevant Government authorities.

What is the Ministry doing?

The Ministry is working with Police, forensic and cyber-security experts to understand the nature and extent of the impact of this incident. We are working on resolving this incident as soon as possible.

I think my loved one may be affected by this, what do I do?

Anyone who believes they could be affected can email [email protected]  or dial 0800 638 924.  The 0800 number will be open from Wednesday 7 December between 8.30am to 5.00pm Monday to Friday.

Who is behind this cyber-security incident?

As this is an ongoing investigation, we cannot comment on who might be responsible.

Have coronial services been impacted?

Coronial services continue to operate as usual.

How did this happen and what is the Ministry of Justice doing to stop this from happening again?

It’s important to note that this incident did not target Ministry of Justice systems directly. The external company affected provides IT services to a third-party provider the Ministry has contracts with.

The Ministry of Justice is working with the suppliers and other Government agencies, including the National Cyber Security Centre (NCSC), Police and CERT NZ to understand how this occurred, the nature and extent of the impact of this incident, and what can be done to prevent it happening again. The Ministry takes all appropriate security measures when protecting information for which the Ministry is responsible.