A New Zealand IT company, specialising in online security, has been hacked.
iTCo, which is based in Rotorua, says it was the subject of a ransomware cyberattack in early February.
Those responsible are claiming to have stolen more than 4 gigabytes of data.
“The attack temporarily impacted some of our systems, and once the extent of the attack was known, a progressive restoration process began immediately to return the systems to operation,” an iTCo spokesperson said.
“We have not engaged with those responsible”.
iTCo’s website says the company services more than a “thousand businesses in New Zealand and overseas with a team of twenty six staff.”
“We have notified all relevant authorities and we continue to follow advice from Cert NZ, NZ Police and the Office of the Privacy Commissioner. This is a criminal matter, and it will be treated as such by ourselves and the relevant New Zealand authorities.
“We are conducting a thorough review of this attack to mitigate the potential for future incidents.”
A hacking group has claimed responsibility and has uploaded 4.56 gigabytes worth of information to the internet.
1News has decided not to name the group or the variant of software they’ve used, but international experts say its associated with “Russian-speaking cybercrime actors”.
There is no evidence the attack is linked to New Zealand’s condemnation of Russia’s invasion of Ukraine.
The Office of the Privacy Commissioner confirmed it has been made aware of the attack.
“As with any breach, iTCo will need to investigate to fully ascertain the size and scope of the breach.”
“Our focus in these early stages is to provide agencies who have experienced a breach with advice on how minimise the harm caused by the breach on the individuals impacted.”
It comes as New Zealand’s National Cyber Security Centre openly warns of the increased risk of cyber-attacks due to the Russian invasion of Ukraine:
“Malicious cyber activity in Aotearoa New Zealand reflects international trends.”
“These may have serious impact, even for countries and organisations not directly targeted.”