Muslim leader calls for greater transparency from ministry over hacked files. David Williams reports.
The Ministry of Justice confirms it has contacted the families affected by the Christchurch terror attack over a cyber security incident involving coronial files.
However, it’s still not clear how many families have been affected, or whether the files have been stolen.
On December 6, the ministry issued a statement saying a cyber attack on a third-party company had blocked access to 14,500 coronial files relating to the transport of the deceased, and about 4000 post-mortem reports.
Given the transport files related to cases nationwide between November 2018 and November of this year it was likely the hack involved files related to the 50 peaceful worshippers shot dead by an Australian terrorist in the March 2019 shootings at two Christchurch mosques.
The post-mortem data did not involve files from Canterbury.
Newsroom sent questions to the ministry on December 7 including: how many files related to the Christchurch terror attack, and if the information included pictures of the deceased.
We were told later that day: “Given the sensitive nature of this incident, we are not able to provide any further updates beyond our statement at this stage.
“We will keep you posted on any further updates from the Ministry of Justice in due course.”
On Wednesday this week, we approached the ministry with comments from Aliya Danzeisen, national coordinator of the Islamic Women’s Council.
Danzeisen says the hack involved private and personal information and the government response needs to be open and transparent. Affected families need to be contacted as soon as possible with more information, she says – it’s inadequate to send a generic message to March 15 families saying they might be affected.
“By now, they should know which families have been impacted, the file number, and they should be directly informed,” Danzeisen says.
The lack of clarity has caused anxiety within the Muslim community, some of which might be unnecessary, she says.
Questions asked by the families, to which the answers are unknown, include: if the information was accessed or stolen, was the hack domestic or international, and what’s the investigation’s scope and timing?
Maha Galal, chair of the March 15 Whānau Trust, says the community is very concerned.
“We condemn all forms of blackmail and extortion, and while incredibly upsetting to the families left behind, this is unfortunately becoming all too common in today’s world.
“Of significant worry to the March 15th community is the unauthorised access and potential release of personal information relating to the bodies of the Shaheed who died on March 15, 2019.
“This information is highly sensitive for the Muslim faith. We trust that the authorities will act swiftly and that any public platforms will respect the privacy and decency in not redistributing any material that may be leaked.”
The Ministry of Justice provided a statement Thursday evening, in which chief operating officer Carl Crafar acknowledged the distress and anxiety the cyber incident is causing.
“We have reached out to families of the victims of the March 15, 2019 terrorist attack on Christchurch masjidain, to share as much information as we can about the incident, and to offer support.”
(Galal says: “They did contact the families to provide the support that we needed and we appreciate that.”)
Crafar says the ministry appreciates the frustration at the limited information provided.
The ministry is working with agencies, including the National Cyber Security Centre, Office of the Privacy Commissioner, police, and CERT NZ.
“There is no evidence at this stage that sensitive coronial information has been taken in the cyber security incident, but the ministry cannot rule out that possibility.”
Crafar says due to the sensitive nature of the incident the ministry is not able to say more.
Privacy Commissioner Michael Webster has said his office would investigate the hack on Wellington-based IT firm Mercury IT.
Cyber security expert Brett Callow told Stuff people should probably assume the worst about the ransomware attack – that it’s likely the data was stolen.
Danzeisen, of the Islamic Women’s Council, is also concerned the hack involved files accessed through a third-party provider. “The death of someone is very, very important and very intimate, you would think that it would solely be held within the government.”
Last week, Newsroom asked Justice Minister Kiri Allan if she was concerned such sensitive information was held by a third party, and what changes were needed to avoid a repeat.
Cyber security risks were constantly changing, she said, as new threats emerge.
“Organisations are advised to assess risk and evolve their threat mitigations on an ongoing basis,” Allan said in an emailed statement.
“Even with the application of best practice it is not possible to completely rule out the prospect of a cyber security incident.
Allan was informed of the incident by a phone call from the justice ministry on November 30, the same day it was notified.
“I’m being kept informed as the incident develops and given the sensitive nature of this incident I won’t be commenting further.”
Galal asks media to respect affected families, and not cause further distress.
The Justice Ministry has asked affected people to email firstname.lastname@example.org or phone 0800 638 924