Archived content: This media release was accurate on the date of publication. 


An isolated ransomware attack occurred on 21 July at the Search and Rescue Base at Aoraki/Mount Cook.

Date:  20 August 2021

Department of Conservation Deputy Director General Corporate Services Rachel Bruce says DOC will be in contact with 11 people whose personal information may have been compromised in a ransomware attack.

“An isolated ransomware attack occurred on 21 July at the Search and Rescue Base at Aoraki/Mount Cook.

“The Search and Rescue (SAR) base is a standalone network with no connection to the DOC corporate network. As a result of the malware, staff were unable to access shared files that had been encrypted. 

“Information relating to DOC staff at the SAR base as well as individuals who have been assisted through DOC operations may have been accessed and downloaded by the attackers prior to the information being encrypted.

“We took immediate action once we became aware of the attack. All 5 devices on the standalone network were immediately isolated and sent to third-party forensic analysis specialists to determine what data had been compromised.

“Business continuity plans for the SAR base were activated and the SAR team was able to remain active and operational without these devices. Within four working days of the incident the team received replacement devices.

“Appropriate government agencies including the Office of the Privacy Commissioner were notified and are being kept updated. The Department followed advice and guidance from these agencies.   

“We are awaiting results from the forensic analysis and a review of documents to determine the privacy impact.

“We are working with the Office of the Privacy Commissioner, the Chief Information Security Officer and Privacy Officer at New Zealand Police and the Rescue Coordination Centre.

“We have identified 11 of the 92 operations where the information included in the breach is likely to include sensitive information about the individuals involved and therefore notification will be required under the Privacy Act 2020. Some of these individuals were tourists and likely reside overseas.

“We are currently in the process of contacting these individuals and advising them that their personal information may have been compromised. We will provide appropriate support to any of the people who require it.

“We have isolated the SAR network. No other parts of DOC network or IT systems were impacted, and we continue to make improvements including ensuring staff are well informed of the constant risk of cyber-attack,” says Rachel Bruce.

Note: Anyone who is concerned their information may have been affected can email


For media enquiries contact:


Back to top