Hundreds of thousands of New Zealanders face heightened risks of identity theft and extortion following a series of major cyberattacks, including a massive breach of the ManageMyHealth patient portal and a separate intrusion into the Neighbourly community platform that exposed sensitive user data. The ransomware group Kazu claims it stole hundreds of thousands of files from ManageMyHealth, potentially exposing personal health records of roughly 126,000 individuals, and demanded a ransom under threat of public release. Independent cybersecurity experts warn that such stolen health and location information could fuel identity fraud and other crimes, with critics blaming weak security practices and poor communication by the privately operated platforms — a scenario that has prompted an urgent government review of digital safeguards. Additional phishing and malware threats compound the pressure on New Zealanders to protect their digital footprints.
Sources:
https://www.theepochtimes.com/world/major-data-breaches-put-hundreds-of-thousands-of-new-zealanders-at-risk-5966001
https://www.rnz.co.nz/news/political/583170/managemyhealth-breach-patients-at-risk-of-identity-theft-extortion-experts
https://securitybrief.co.nz/story/be-very-very-suspicious-neighbourly-breach-makes-users-vulnerable-expert
Key Takeaways
- Widespread Breaches: Cyberattacks targeting New Zealand platforms have exposed personal data of tens to hundreds of thousands of citizens, including health records and GPS metadata.
- Identity & Extortion Risks: Experts warn that exposed data significantly increases the likelihood of identity theft, extortion, and other fraud-related crimes.
- Security Shortcomings: Both private operators and oversight mechanisms are under scrutiny for inadequate cybersecurity measures and slow or unclear communications to affected users.
In-Depth
New Zealand’s cybersecurity landscape is under intense pressure as recent data breaches reveal how vulnerable personal information can be when digital infrastructure and private operators fail to implement rigorous security measures. A major incident involving ManageMyHealth — a widely used patient portal — has placed sensitive health records of an estimated 126,000 individuals at risk after a ransomware group known as Kazu reportedly accessed and stole hundreds of thousands of files. The criminals published ransom demands and threatened to disclose the data if not paid, a situation that cybersecurity specialists emphasize could lead to identity theft, medical fraud, and extortion if exploited on dark web markets or through targeted scams.
Critics point out that the breach reflects systemic shortcomings in how private tech platforms safeguard user data. Investigations have suggested that weak encryption, outdated defenses, and insufficient monitoring likely contributed to the unauthorized access, prompting urgent calls for a government-led review into cybersecurity standards, notifications procedures, and broader national digital protections. With personal data like GPS locations from the Neighbourly platform also potentially exposed, experts urge citizens to adopt heightened vigilance — a practical necessity in an era where cybercriminals increasingly leverage stolen information for sophisticated attacks. The convergence of these breaches has put a spotlight on the need for both stronger security protocols and more transparent, timely communication from service providers to minimize fallout and protect everyday users.