Incidents

The National Cyber Security Centre responds to threats to nationally significant organisations and high-impact cyber incidents at national level.

What is a cyber incident?

An incident is an attack or attempted attack against a computer or network that harmed, or potentially may harm, the confidentiality, integrity or availability of network data or systems.

In general, cyber security incidents include, but are not limited to:

  • attempts to gain unauthorised access to a computer system or its information
  • unwanted disruption or denial of service
  • unauthorised use of a system for processing or storing information
  • changes to system hardware, firmware or software without the knowledge or consent of the system owner

For more, see NZ Cyber Threat section, below.

Report an incident

  • If your organisation requires assistance, please complete the Cyber Security Incident – Request for Assistance Form. (If required, you can speak with us directly on (04) 498-7654.)
  • If you would like to tell us about an incident but do not need help, please complete the Cyber Security Incident - Report Form.
  • If you would like to report or need help with an incident related to your home computer, please refer to the Resources page for guidance.
  • If you’re unsure about what to do, contact us. If it’s outside our area of responsibility, we can refer your inquiry to CERT NZ or another appropriate organisation.

The NCSC understands that incident reports may contain commercially or other sensitive information. Information in incident reports to the NCSC may, however, form part of the NCSC's reporting to other entities on cyber threats.

This reporting is an important part of the NCSC's information assurance and cyber security function. Subject to the point below, the NCSC reporting would not include personal information about identifiable individuals.

  • All information in incident reports to the NCSC may also be shared with the Minister responsible for GCSB, the Minister for National Security and Intelligence, and the Inspector-General of Intelligence and Security.
  • The NCSC uses the Traffic Light Protocol (TLP) to determine the sensitivity and handling instructions for incident-related and other information with which it is entrusted.
    Details of the TLP can be found here: Traffic Light Protocol

The National Cyber Security Centre (NCSC) publishes reports of cyber security incidents.

Recorded incidents range in seriousness from small businesses targeted with ransomware and attempts to obtain credit card information, through to serious and persistent attempts to compromise the information systems of significant New Zealand organisations.  This can include identification and exfiltration of valuable intellectual property.

Some of these threats come from well-resourced foreign sources. Sometimes they are targeting significant New Zealand organisations, others use New Zealand systems to target overseas networks.

Examples of the threats identified through the GCSB’s cyber security capabilities include:

  • Several officials from a key government agency targeted through email and web site exploits in an effort to get personal information and potentially compromise the agency’s network.  This attack was detected and mitigated before important information could be lost/compromised.
  • The use of a malware package, to target six significant New Zealand organisations.   The threat was detected and mitigated through systems and support provided via our CORTEX capabilities.
  • Identifying and tracing the source of a new cyber-attack method.  The attack targeted several nationally significant customers.  The indicators of compromise for this new threat were able to be passed on to our international partners, helping to reduce global vulnerability to this particular attack.
  • Detecting large-scale targeting of a nationally significant organisation as part of a global campaign.  The NCSC was able to work closely with the New Zealand organisation to contain the threat.

Part of our response to more sophisticated and advanced threats are the advanced cyber threat detection and disruption capabilities developed as part of the CORTEX initiative.