A New Zealand IT company specializing in online security has been hacked.
iTCo, which is based in Rotorua, claims it was the subject of a ransomware cyberattack in early February.
Officials claim to have stolen more than 4 gigabytes of data.
“The attack temporarily affected some of our systems, and once the extent of the attack was known, a rolling restoration process immediately began to bring the systems back into service,” an iTCo spokesperson said.
“We have not engaged with those responsible.”
ITCo’s website says the company serves more than “a thousand businesses in New Zealand and overseas with a team of twenty-six employees”.
“We have informed all relevant authorities and we continue to follow the advice of Cert NZ, the New Zealand Police and the Office of the Privacy Commissioner. This is a criminal matter and will be dealt with as such by us and the relevant New Zealand authorities.
“We are conducting a thorough review of this attack to mitigate the potential for future incidents.”
A hacking group claimed responsibility and downloaded 4.56 gigabytes of information from the internet.
1News decided not to name the group or software variant they used, but international experts say it is associated with “Russian-speaking cybercrime actors”.
There is no evidence that the attack is linked to New Zealand’s condemnation of the Russian invasion of Ukraine.
The Office of the Privacy Commissioner confirmed that it was made aware of the attack.
“As with any breach, iTCo will need to investigate to fully determine the size and scope of the breach.”
“Our goal in these early stages is to provide agencies that have experienced a breach with guidance on how to minimize the harm the breach does to affected individuals.”
This comes as New Zealand’s National Cyber Security Center openly warns of the increased risk of cyberattacks due to Russia’s invasion of Ukraine:
“Malicious cyber activity in Aotearoa, New Zealand mirrors international trends.”
“These can have a serious impact, even for countries and organizations that are not directly targeted.”