Waikato DHB cyber attack files
Gareth Watkins made this Official Information request to Radio New Zealand Limited
The request was successful.
From: Gareth Watkins
Dear Radio New Zealand Limited,
My request relates to the group of stolen files that were placed online following the recent cyber attack on Waikato DHB. My request relates to RNZ employees and any RNZ associates (e.g. contractors, external advisors, lawyers that RNZ utilize).
1. How many RNZ employees/associates POTENTIALLY had access to the files. Please also supply their job titles.
2. How many RNZ employees/associates ACTUALLY accessed the files. Please also supply their job titles.
3. How much time have RNZ employees/associates spent accessing the files.
4. Please detail the scope of the files RNZ employees/associates have had access to:
the number of files, the total file size, type of files (e.g email, report, notes) and document titles (if they don't breach the privacy of individuals).
5. Please supply any memos, emails or policies relating to RNZ employees/associates accessing, using, publishing information from the files
6. Please supply any information relating to how RNZ has (or intends to) remove the files and associated information from its information systems (physical and digital).
7. Please supply any information relating to RNZ employees/associates making contact with those people identified in the documents (e.g. are you letting individuals know you've read their files)
Yours faithfully,
Gareth Watkins
From: Maggie Hedge
Radio New Zealand Limited
Good morning Gareth
RNZ acknowledges receipt of your OIA request. Under the Official Information Act 1982 we have 20 working days to respond, and will contact you via email /post. If for any reason our response is delayed due to illness, or pandemic we will advise immediately.
Kind regards
Maggie Hedge| OIA Administrator RNZ
[email address]
-----Original Message-----
From: Gareth Watkins <[FOI #16253 email]>
Sent: Friday, 30 July 2021 2:54 PM
To: RNZ <[email address]>
Subject: [EXTERNAL] - Official Information request - Waikato DHB cyber attack files
Dear Radio New Zealand Limited,
My request relates to the group of stolen files that were placed online following the recent cyber attack on Waikato DHB. My request relates to RNZ employees and any RNZ associates (e.g. contractors, external advisors, lawyers that RNZ utilize).
1. How many RNZ employees/associates POTENTIALLY had access to the files. Please also supply their job titles.
2. How many RNZ employees/associates ACTUALLY accessed the files. Please also supply their job titles.
3. How much time have RNZ employees/associates spent accessing the files.
4. Please detail the scope of the files RNZ employees/associates have had access to:
the number of files, the total file size, type of files (e.g email, report, notes) and document titles (if they don't breach the privacy of individuals).
5. Please supply any memos, emails or policies relating to RNZ employees/associates accessing, using, publishing information from the files
6. Please supply any information relating to how RNZ has (or intends to) remove the files and associated information from its information systems (physical and digital).
7. Please supply any information relating to RNZ employees/associates making contact with those people identified in the documents (e.g. are you letting individuals know you've read their files)
Yours faithfully,
Gareth Watkins
-------------------------------------------------------------------
This is an Official Information request made via the FYI website.
Please use this email address for all replies to this request:
[FOI #16253 email]
Is [RNZ request email] the wrong address for Official Information requests to Radio New Zealand Limited? If so, please contact us using this form:
https://fyi.org.nz/change_request/new?bo...
Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:
https://fyi.org.nz/help/officers
If you find this service useful as an Official Information officer, please ask your web manager to link to us from your organisation's OIA or LGOIMA page.
-------------------------------------------------------------------
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Emails sent by Radio New Zealand Limited (RNZ) or any related entity, including any attachments, may be confidential, protected by copyright and/or subject to privilege. If you receive an email from RNZ in error, please inform the sender immediately, delete it from your system and do not use, copy or disclose any of the information in that email for any purpose. Emails to/from RNZ may undergo email filtering and virus scanning, including by third party contractors. However, RNZ does not guarantee that any email or any attachment is secure, error-free or free of viruses or other unwanted or unexpected inclusions. The views expressed in any non-business email are not necessarily the views of RNZ. www.rnz.co.nz
hide quoted sections
From: George Bignell
Radio New Zealand Limited
Dear Mr Watkins
As required under s15A of the Official Information Act, this email is to notify you that RNZ will require more than the initial 20 working days to fully compile a response to your inquiry. This is due to staff addressing RNZ's operational commitments and editorial coverage of the current pandemic.
We expect to respond to your request in the next 10 working days.
Kind regards
George Bignell| OIA Inquiries Coordinator
RADIO NEW ZEALAND | LEVEL 2 | 155 THE TERRACE
PO BOX 123 | WELLINGTON | NEW ZEALAND 6140 | www.rnz.co.nz
DDI +64 4 474 1424 | [mobile number]
-----Original Message-----
From: Gareth Watkins <[FOI #16253 email]>
Sent: Friday, 30 July 2021 2:54 PM
To: RNZ <[email address]>
Subject: [EXTERNAL] - Official Information request - Waikato DHB cyber attack files
Dear Radio New Zealand Limited,
My request relates to the group of stolen files that were placed online following the recent cyber attack on Waikato DHB. My request relates to RNZ employees and any RNZ associates (e.g. contractors, external advisors, lawyers that RNZ utilize).
1. How many RNZ employees/associates POTENTIALLY had access to the files. Please also supply their job titles.
2. How many RNZ employees/associates ACTUALLY accessed the files. Please also supply their job titles.
3. How much time have RNZ employees/associates spent accessing the files.
4. Please detail the scope of the files RNZ employees/associates have had access to:
the number of files, the total file size, type of files (e.g email, report, notes) and document titles (if they don't breach the privacy of individuals).
5. Please supply any memos, emails or policies relating to RNZ employees/associates accessing, using, publishing information from the files
6. Please supply any information relating to how RNZ has (or intends to) remove the files and associated information from its information systems (physical and digital).
7. Please supply any information relating to RNZ employees/associates making contact with those people identified in the documents (e.g. are you letting individuals know you've read their files)
Yours faithfully,
Gareth Watkins
-------------------------------------------------------------------
This is an Official Information request made via the FYI website.
Please use this email address for all replies to this request:
[FOI #16253 email]
Is [RNZ request email] the wrong address for Official Information requests to Radio New Zealand Limited? If so, please contact us using this form:
https://fyi.org.nz/change_request/new?bo...
Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:
https://fyi.org.nz/help/officers
If you find this service useful as an Official Information officer, please ask your web manager to link to us from your organisation's OIA or LGOIMA page.
-------------------------------------------------------------------
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Emails sent by Radio New Zealand Limited (RNZ) or any related entity, including any attachments, may be confidential, protected by copyright and/or subject to privilege. If you receive an email from RNZ in error, please inform the sender immediately, delete it from your system and do not use, copy or disclose any of the information in that email for any purpose. Emails to/from RNZ may undergo email filtering and virus scanning, including by third party contractors. However, RNZ does not guarantee that any email or any attachment is secure, error-free or free of viruses or other unwanted or unexpected inclusions. The views expressed in any non-business email are not necessarily the views of RNZ. www.rnz.co.nz
hide quoted sections
From: George Bignell
Radio New Zealand Limited
Dear Mr Watkins
Please find below the information held by RNZ with respect to your
request.
As we are required to do, this message is to also advise you that our
response to your request can be referred to the Ombudsman’s Office for
review under s 28 (3) of the Official Information Act if you wish.
1. How many RNZ employees/associates POTENTIALLY had access to the
files. Please also supply their job titles.
Three, an IT systems administrator, a bureau chief and a reporter.
2. How many RNZ employees/associates ACTUALLY accessed the files.
Please also supply their job titles.
Two, a bureau chief and a reporter.
3. How much time have RNZ employees/associates spent accessing the
files.
We cannot give an exact figure but possibly up to 60 minutes.
4. Please detail the scope of the files RNZ employees/associates have
had access to:
the number of files, the total file size, type of files (e.g email,
report, notes) and document titles (if they don't breach the privacy of
individuals).
It is understood there was about 11 GB of information on the dark web. We
are unable to say how many files, their size or types that RNZ had access
to because we did not count them or review them.
RNZ found one area called "Oranga Tamariki Complaint" or similar which led
to RNZ reviewing around five files.
5. Please supply any memos, emails or policies relating to RNZ
employees/associates accessing, using, publishing information from the
files
Please refer to our editorial policies which are publicly available at
[1]https://www.rnz.co.nz/assets/cms_uploads...
6. Please supply any information relating to how RNZ has (or intends
to) remove the files and associated information from its information
systems (physical and digital).
RNZ does not hold any of the files on information systems and agreed to
their destruction as a part of a court order obtained by the Waikato DHB.
7. Please supply any information relating to RNZ employees/associates
making contact with those people identified in the documents (e.g. are you
letting individuals know you've read their files)
To be clear, RNZ did not access any patient data or patient records. We
accessed around five files related to a formal complaint which the Waikato
DHB lodged with Oranga Tamariki.
Kind regards
George Bignell| OIA Inquiries Coordinator
RADIO NEW ZEALAND | LEVEL 2 | 155 THE TERRACE
PO BOX 123 | WELLINGTON | NEW ZEALAND 6140 | www.rnz.co.nz
DDI +64 4 474 1424 | [mobile number]
-----Original Message-----
From: Gareth Watkins <[2][FOI #16253 email]>
Sent: Friday, 30 July 2021 2:54 PM
To: RNZ <[3][email address]>
Subject: [EXTERNAL] - Official Information request - Waikato DHB cyber
attack files
Dear Radio New Zealand Limited,
My request relates to the group of stolen files that were placed online
following the recent cyber attack on Waikato DHB. My request relates to
RNZ employees and any RNZ associates (e.g. contractors, external advisors,
lawyers that RNZ utilize).
1. How many RNZ employees/associates POTENTIALLY had access to the files.
Please also supply their job titles.
2. How many RNZ employees/associates ACTUALLY accessed the files. Please
also supply their job titles.
3. How much time have RNZ employees/associates spent accessing the files.
4. Please detail the scope of the files RNZ employees/associates have had
access to:
the number of files, the total file size, type of files (e.g email,
report, notes) and document titles (if they don't breach the privacy of
individuals).
5. Please supply any memos, emails or policies relating to RNZ
employees/associates accessing, using, publishing information from the
files
6. Please supply any information relating to how RNZ has (or intends to)
remove the files and associated information from its information systems
(physical and digital).
7. Please supply any information relating to RNZ employees/associates
making contact with those people identified in the documents (e.g. are you
letting individuals know you've read their files)
Yours faithfully,
Gareth Watkins
-------------------------------------------------------------------
This is an Official Information request made via the FYI website.
Please use this email address for all replies to this request:
[4][FOI #16253 email]
Is [5][RNZ request email] the wrong address for Official Information
requests to Radio New Zealand Limited? If so, please contact us using this
form:
[6]https://fyi.org.nz/change_request/new?bo...
Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:
[7]https://fyi.org.nz/help/officers
If you find this service useful as an Official Information officer, please
ask your web manager to link to us from your organisation's OIA or LGOIMA
page.
-------------------------------------------------------------------
CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.
Emails sent by Radio New Zealand Limited (RNZ) or any related entity,
including any attachments, may be confidential, protected by copyright
and/or subject to privilege. If you receive an email from RNZ in error,
please inform the sender immediately, delete it from your system and do
not use, copy or disclose any of the information in that email for any
purpose. Emails to/from RNZ may undergo email filtering and virus
scanning, including by third party contractors. However, RNZ does not
guarantee that any email or any attachment is secure, error-free or free
of viruses or other unwanted or unexpected inclusions. The views expressed
in any non-business email are not necessarily the views of RNZ.
www.rnz.co.nz
References
Visible links
1. https://www.rnz.co.nz/assets/cms_uploads...
2. mailto:[FOI #16253 email]
3. mailto:[email address]
4. mailto:[FOI #16253 email]
5. mailto:[RNZ request email]
6. https://fyi.org.nz/change_request/new?bo...
7. https://fyi.org.nz/help/officers
hide quoted sections
Things to do with this request
- Add an annotation (to help the requester or others)
- Download a zip file of all correspondence