Update 18 January 2023
Please attribute to Ministry of Justice Acting Chief Operating Officer, Jacquelyn Shannon;
The Ministry of Justice is aware of a development with the recent cyber security incident.
The people responsible for the wider incident have released information, not related to coronial, on the dark web.
The Ministry of Justice can confirm that no coronial files or information, including post mortem reports and coronial transport information, have been released or published.
The High Court last month granted orders preventing the accessing, sharing or publishing of information from the cyber security incident.
Due to the sensitive nature of the incident, we are not able to say more at this time.
Update 19 December 2022
Te Whatu Ora and the Ministry of Justice – Te Tāhū o te Ture can confirm that they have jointly filed legal proceedings in the High Court today to prevent people accessing, sharing or publishing confidential and sensitive coronial and health information at the centre of a recent cyber security incident.
The National Cyber Security Centre (NCSC), Police and CERT NZ are investigating the incident. We are also working with the Privacy Commissioner.
The order was granted in an urgent High Court hearing this afternoon. There is existing precedent for obtaining orders against unknown people.
In a joint statement, Te Whatu Ora and the Ministry of Justice said while there was no clear evidence that the material had been accessed, they could not rule out the possibility.
Te Whatu Ora and the Ministry of Justice added the legal proceedings were a prudent and proactive extra step to protect people’s confidential and sensitive information as any publication of this information would cause serious distress to those affected.
They added that the legal action was not designed to constrain media reporting of the incident but simply to protect the people whose private and sensitive information had been compromised.
Te Whatu Ora and the Ministry of Justice also acknowledged the anxiety that the cyber incident had caused to those impacted.
Anyone who thinks they may be affected can email contactus@justice.govt.nz or dial 0800 638 924. The 0800 number is open 0830-1700 Monday to Friday.
Update 15 December 2022
We appreciate how frustrating it will be that the Ministry can only provide with limited information at this time, but please know that the Ministry is working with the suppliers and other Government agencies, including the National Cyber Security Centre, Office of the Privacy Commissioner, Police, and CERT NZ to fully understand the extent of the issue.
There is no evidence at this stage that sensitive coronial information has been taken in the cyber security incident, but the Ministry cannot rule out that possibility.
6 December 2022
The Ministry of Justice has confirmed that a cyber-security incident involving an external company has impacted access to some coronial data.
The incident did not target Ministry of Justice systems directly. The external company affected provides IT services to a third-party provider the Ministry has contracts with.
While the incident is related to an external supplier’s systems, the Ministry of Justice is working with the suppliers and other Government agencies, including the National Cyber Security Centre (NCSC), Office of the Privacy Commissioner, Police, and CERT NZ to fully understand the extent of the issue. The Chief Coroner has also been informed.
Ministry of Justice Chief Operating Officer Carl Crafar said, at this stage, it is believed the incident had affected access to approximately 14,500 coronial files relating to the transportation of deceased people, and approximately 4,000 post mortem reports.
The coronial transport files are for cases nationwide from November 2018 through to November 2022.
The post-mortem data relates to files from Northland, Waikato, Bay of Plenty, Taranaki, East Coast, Wairarapa, Wellington, Horowhenua-Kāpiti, Nelson-Marlborough, Otago and Southland from March 2020 to November 2022.
Mr Crafar said while the cyber security incident had blocked access to the data, there was no evidence at this stage that the data had been taken.
However, the Ministry could not rule out that possibility and the incident was being investigated thoroughly by cyber security experts.
“We acknowledge that this incident has affected information that is sensitive. We will continue working to understand the extent of the incident.
“We are conscious that so-called malicious actors behind such activity can monitor public commentary on incidents of this nature so will not be providing more detailed information on our responses at this time.”
Anyone who thinks they may be affected can email contactus@justice.govt.nz or dial 0800 638 924. The 0800 number will be open from Wednesday 7 December between 8.30am to 5.00pm Monday to Friday.
What is the Ministry doing to prevent coronial files being published?
Te Whatu Ora and the Ministry of Justice – Te Tāhū o te Ture have jointly filed legal proceedings in the High Court to prevent people accessing, sharing or publishing the confidential and sensitive coronial information at the centre of the cyber security incident. This is an extra step to protect people’s confidential and sensitive information.
The publication or disclosure of any material may be a criminal offence.
We are also working alongside the National Cyber Security Centre (NCSC), Police and CERT NZ (Computer Emergency Response Team) to understand what can be done.
What has happened?
The Ministry of Justice has been informed that a cyber-security incident involving an external company has affected access to some coronial data. The affected files contain sensitive information including the records of the transportation of deceased people and post mortem files.
How many files have been compromised?
At this stage, it is believed the incident has affected access to approximately 14,500 coronial files relating to the transportation of deceased people, and approximately 4,000 post mortem reports.
The coronial transport files are for cases nationwide from November 2018 through to November 2022.
The post-mortem data relates to files from Northland, Waikato, Bay of Plenty, Taranaki, Wellington, Horowhenua-Kāpiti, Nelson-Marlborough, Otago and Southland from March 2020 to November 2022.
When was the Ministry informed about the cyber-security incident?
The Ministry was informed of the incident on Wednesday 30 November 2022 and immediately informed the relevant Government authorities.
What is the Ministry doing?
The Ministry is working with Police, forensic and cyber-security experts to understand the nature and extent of the impact of this incident. We are working on resolving this incident as soon as possible.
I think my loved one may be affected by this, what do I do?
Anyone who believes they could be affected can email contactus@justice.govt.nz or dial 0800 638 924. The 0800 number will be open from Wednesday 7 December between 8.30am to 5.00pm Monday to Friday.
Who is behind this cyber-security incident?
As this is an ongoing investigation, we cannot comment on who might be responsible.
Have coronial services been impacted?
Coronial services continue to operate as usual.
How did this happen and what is the Ministry of Justice doing to stop this from happening again?
It’s important to note that this incident did not target Ministry of Justice systems directly. The external company affected provides IT services to a third-party provider the Ministry has contracts with.
The Ministry of Justice is working with the suppliers and other Government agencies, including the National Cyber Security Centre (NCSC), Police and CERT NZ to understand how this occurred, the nature and extent of the impact of this incident, and what can be done to prevent it happening again. The Ministry takes all appropriate security measures when protecting information for which the Ministry is responsible.
This page was last updated: