The Commerce Commission announced on Tuesday that a computer containing confidential information had been stolen from an external provider, Marc Daalder reports.

Confidential information contained in transcripts of some 270 meetings and interviews has been compromised after a burglary at a residential address, according to the Commerce Commission and the police.

“The transcripts may date back to early 2016 and contain some confidential information businesses and individuals have provided the Commission,” the regulator said in a statement.

The information was compromised after computer equipment belonging to an “external provider” was stolen in a burglary.

The Commission has been in contact with the police regarding the incident and has said it will not be releasing any more details about the burglary or provider.

Sensitive information at risk
“Some of the information is subject to a confidentiality order issued by the Commission under section 100 of the Commerce Act. This makes it a criminal offence for any person in possession of the devices or information from the devices to disclose or communicate it to anyone while the orders are in force,” said the regulator’s chief executive, Adrienne Meikle.

At least some of the transcripts that may have been compromised are of confidential interviews regarding the proposed Stuff-NZME merger in 2017.

The Commission has said it will no longer work with the external provider that owned the equipment, with Meikle saying that they were “subject to contractual and confidentiality obligations to ensure that information was stored securely and deleted after use. The provider has informed us it did not meet these obligations.”

Much of the stolen data should have been deleted, according to Commission Chair Anna Rawlings.

Two independent reviews have been launched in relation to the incident, which the Commerce Commission found out about last week. The Ministry for Business, Innovation and Employment and Commerce Minister Kris Faafoi were both notified the day of the incident.

A string of security breaches
Rawlings told reporters the device that was stolen was not password-protected. The service provider in question has relationships with two other government agencies who are aware of the situation, Rawlings said.

However, the Commission has not yet seen any indication that the data has been disseminated. It also has copies of all the information it thinks may have been taken.

This is the latest in a string of data security incidents government agencies have experienced. On Friday, the public health organisation Tū Ora Compass announced that the data of up to one million patients was compromised after a cyber attack.

In August, a data breach at the Ministry for Culture and Heritage left the passports and birth certificates of hundreds of people exposed online.

Marc Daalder is a senior political reporter based in Wellington who covers climate change, health, energy and violent extremism. Twitter/Bluesky: @marcdaalder
