Last month, the High Court granted orders to prevent the disclosure of affected information
The Ministry of Justice – Te Tāhū o te Ture has confirmed that coronial files remain undisclosed following a cyberattack last month on a third-party provider that compromised access to over 14,000 coronial-related files.
“The people responsible for the wider incident have released information, not related to coronial, on the dark web. The Ministry of Justice can confirm that no coronial files or information, including post mortem reports and coronial transport information, have been released or published,” said Jacquelyn Shannon, the Ministry of Justice’s acting COO, in a statement on Wednesday.
Last 19 December 2022, the ministry initiated legal action in the High Court alongside Te Whatu Ora to prevent the disclosure of the affected information. In an emergency hearing, the court granted orders to stop the accessing, sharing or publication of the compromised data.
The cyber incident was first reported on 6 December 2022. The attack was directed at an external company that conducted IT services for a third-party provider with which the justice ministry had contracts.
The ministry commenced an investigation alongside the supplier and government agencies like the National Cyber Security Centre, Office of the Privacy Commissioner, Police, and CERT NZ. Then-Ministry of Justice COO Carl Crafar said that access to roughly 14,500 coronial files relating to the transportation of deceased people from November 2018-November 2022 and about 4,000 post mortem reports from March 2020-November 2022 were impacted.
While no evidence indicated that the coronial data were stolen in the attack, Te Whatu Ora and the Ministry of Justice explained that they launched the High Court proceedings as a “prudent and proactive extra step to protect people’s confidential and sensitive information as any publication of this information would cause serious distress to those affected.”