print-icon
print-icon

Major Data Breaches Put Hundreds Of Thousands Of New Zealanders At Risk

Tyler Durden's Photo
by Tyler Durden
Authored...

Authored by Rex Widerstrom via The Epoch Times (emphasis ours),

Hundreds of thousands of New Zealanders could have their personal information exposed online after hackers breached two major websites and stole large amounts of data.

In this photo illustration, hacker types on a computer keyboard on May 13, 2025. Oleksii Pydsosonnii/The Epoch Times

In the first case, a group calling itself Kazu announced it had obtained records from the Manage My Health (MMH) website, an online portal that connects patients with doctors and healthcare providers and allows them to access health information, book appointments, and order repeat prescriptions.

The website collects and manages sensitive information about patients.

Some released samples by the hacker reportedly included information about patients’ conditions, medical test results, clinical notes, vaccination records, medical photographs and personal identification details.

Initially, the hackers demanded a $60,000 ransom to stop them from releasing the more than 400,000 files online by Jan. 15, 2026.

However, on Jan. 4, the group said on its Telegram channel that it had brought forward the payment deadline to Jan. 6, citing MMH’s quick response to the hack and an alleged lack of concern for patients’ data.

“Their ignorance of our emails and messages, along with their failure to acknowledge users or explain exactly what happened, is the main issue,” the group Kazu wrote on Telegram.

“Many MMH users have been asking the company for an explanation, but they’ve either ignored them or responded with vague statements.

“That’s why we decided to reduce the deadline and put pressure on the company.”

Hacker Group Wants A ‘Minimum’ Ransom

At the same time, Kazu explained that the group decided to settle for a “minimum” ransom of $60,000 instead of the initial amount of $300,000 “to protect the data and quickly close the deal.”

Kazu also threatened to leak the files if the ransom was not paid in the next 48 hours.

The most recent threat to release the confidential health data of hundreds of thousands of New Zealanders from the ransomware group Kazu's Telegram channel. Screenshot/The Epoch Times.

MMH’s Response

In an update on Jan. 3, MHH announced that the company had fixed the security gap and strengthened data protection.

“We’ve identified and closed the specific gaps that allowed unauthorised access. This fix has been independently tested and verified by external cybersecurity experts,” it said.

We’ve added extra checks when people log in and limited how many times someone can try to access the system in a short time.

“All health documents have been re-secured and their storage has been strengthened.”

The company also noted that the website’s system environment was now secure and operated as intended.

MHH expected 6-7 percent of its estimated 1.8 million users were affected by the incident amid an ongoing investigation.

“We expect to start notifying those affected following confirmation of forensics and liaison with PHOs and GPs to ensure that individuals are getting the right information, in line with Privacy Act requirements, and are properly supported,” it said.

“The forensic team is continuing work to confirm our analysis of the specific documents involved. Completion of this step will enable us to proceed with more targeted communications to affected parties and we will start informing people directly from early next week.

Meanwhile, New Zealand Health Minister Simeon Brown said his ministry was reviewing the breach.

“I know this breach will be very concerning to the many New Zealanders who use Manage My Health, and we need assurances around the protection and security of people’s health data,” Brown said in a statement.

“Patient data is incredibly personal, and whether it is held by a public agency or a private company, it must be protected to the highest of standards.”

The minister also noted that the review would be conducted no later than Jan. 30, with a focus on an “immediate response to the incident.”

Neighbourly Data Breach

In an unrelated but similar incident, the personal details of users of a large “community noticeboard” type website called Neighbourly have also been offered for sale on the dark web.

People use the site to make announcements, contact other members, and buy and sell items.

The site is run by media company Stuff, which runs several newspapers and a news website, and provides a daily news bulletin for one of the country’s TV networks.

According to The Daily Dark Web, a website that monitors activity on the dark web, about 150GB of data was stolen from Neighbourly by an unnamed threat actor, including full names and physical addresses, email addresses, phone numbers, GPS coordinates, user biographies, and private messages.

Neighbourly was shut down on New Year’s Day and restored recently, with the site confirming the breach on Jan. 3.

In a message to its users, Neighbourly operating team apologised for the incident and informed them that the data breach had been contained.

“Following best practice, we will look to seek a court injunction against any use of the material,” the team said.

“We want to apologise to our members for this occurrence and any concerns it may have caused you over the past few days.

“We will work closely with all our staff to ensure we have the most robust processes in place to prevent it from happening again.”

Loading recommendations...