Competenz Cyber Response

Information, updates and support for those affected

Updated: 13 August 2024

What happened?

This is an update regarding the ongoing investigation into the cyber-attack on the Competenz IT system. As a result of that investigation, it has come to light that some personal data and identity documents were compromised in the attack.

Provided below are further details to ensure that you are fully informed.

What has Competenz done in response?

We have taken immediate steps to address this attack:

  • We engaged independent cybersecurity experts upon detection and initiated a comprehensive forensic investigation
  • We have notified relevant authorities, including the Office of the Privacy Commissioner and the National Cyber Security Centre. The New Zealand Police are also aware of the incident
  • We have taken urgent steps to secure our environment, and our systems were operational as quickly as possible to minimise impact
  • Our systems have now been reconstructed and fortified to enhance the security and resilience of our systems.

We have issued updates about the attack to our customers and stakeholders, and kept them informed of our investigations.

We are continuing to provide notifications and updates as our investigations progress.

What kind of information?

The attack resulted in various types of personal information being compromised. Our investigation has identified that this included personal information that was provided to Competenz to enrol them into their qualification. That compromised information may include some of the following:

  • Name, contact details, date of birth
  • Copies of the identity documents that you provided to Competenz for enrolment, such as passport, birth certificate, driver licence, certificate of identity and or citizenship, immigration visas, grant of residence, and student/ employee identity documents
  • Financial cards and statements
  • Professional  and enrolment registration detail
  • Qualifications
  • Completion certificates
  • Marriage licence.

Others who have been involved with Competenz may also be impacted and we are working to identify and let them know.

What has happened to the information?

Our investigation has established that during the attack, the cyber-criminals extracted and stole certain data from our systems, including personal information as described above.  

Potential risks to guard against

We do not currently have any information to indicate that your data or identity documents have used for fraudulent purposes. However, it is important that you are aware of the risks that this may occur given that data has been stolen by the attackers. We have outlined these below:

Driver licence:  A driver licence is the most common credential used by identity criminals. The photo on a driver licence is not necessary to enable a criminal to exploit these details. The most commonly misused information is the personal details, card number, driver licence or customer reference number, and expiry date.

This information could potentially be used to establish new accounts in a person’s name, and in some cases deceive either a person or an organisation into providing access to existing accounts.

Birth certificate:  Birth certificate information, crucial for verifying identity in various transactions, could be misused by identity criminals to establish false identities or commit fraud.

 

Passport: Passport details, including number and expiry date, pose a risk similar to driver licences, potentially enabling identity theft and fraud. Border security makes travelling on a compromised passport very difficult. However, passport information can be used to establish new accounts in a person’s name, and in some cases deceive either a person or an organisation into providing access to existing accounts. You may wish to consider New Zealand credit reports and New Zealand credit suppressions as additional protective measures to protect against credit misuse.

What should you do?

We recommend the following steps to safeguard your information:

  • Use the DIA Checklist: Refer to the Department of Internal Affairs’ online checklist for steps to take in relation to driver licences and passports: Identity Theft Online Checklist.
  • Stay alert: Watch for any suspicious communications or phishing attempts.
  • Monitor accounts: Regularly check your financial and online accounts for unauthorized activities.
  • Check your credit record: Check your credit record to confirm if your identity has been used to obtain credit without your knowledge. Please refer to here for further information.
  • Update security: Change passwords and enable two-factor authentication where possible.

You may also seek advice from the Office of the Privacy Commissioner for additional support.

How to contact us

If you would like further details of what information has been compromised, please complete this form below and we will reply with relevant information as soon as possible.

You have the right to make a complaint to us in the first instance or to the Office of the Privacy Commissioner.

We understand the gravity of this incident and are dedicated to supporting you.

If you have any questions, concerns or need support, please contact cyberinfo@competenz.org.nz.

Thank you for your attention to this matter. We apologise for any inconvenience caused and assure you that safeguarding your information remains our top priority.