Cyber incident affecting PCANZ

Please note: access to the national Church database, that updates the PCANZ website search for a minister and parish data, has been affected by the cyber attack and website search results will deliver data last updated on 29 Nov.

Message to the Church: Cyber incident affecting the PCANZ

7 December 2022

Download a pdf copy of this message here.

Greetings
I am writing to you about a matter of concern.
On 30 November, Mercury IT, the external IT provider that our national Church office uses, was the victim of a cyber-attack. The Church is one of a number of their clients impacted. 
Mercury IT does not know what Church information may be affected and as I write they are working with their forensic experts and Government agencies to understand the nature and extent of the impact for us. We do know that some of our IT networks have been impacted. Fortunately, we recently had the foresight to move many of our files to a new IT network and we have full access to this. At this time, we do not know if Church data has been compromised, but we know in these kinds of attacks this is a possibility and we await more information. We were not in a position to share this with you earlier, we will keep you informed as we are updated.  
I assure you that we take our responsibility to protect the privacy and confidentiality of information you have provided to the Church extremely seriously. We have taken steps to get impacted systems back up and running, we are taking advice from external advisors, and we are pursuing updates from Mercury IT as they find out more. We have notified the Office of the Privacy Commissioner and the New Zealand Government’s Computer Emergency Response Team (CERT NZ) about this incident. 

We pray this matter will be resolved quickly. Our national office continues its work however work that requires access to the national database may be affected and we appreciate your patience.
We understand that this is unsettling news for you, your church, and your community and that you may have questions. We will update you when we know more. You can find all updates on this matter on the Church website
The media is reporting on this cyber incident and understandably wants to know more. If you are approached for comment, please direct queries to me.
This incident is a timely reminder of the need for good personal cyber security for all of us. See information on staying safe here and here.
 
Rev Wayne Matheson
Assembly Executive Secretary
Presbyterian Church of Aotearoa New Zealand

Media statement: PCANZ affected by cyber incident

7 December 2022

“On 30 November, Mercury, the external IT provider for the Presbyterian Church of Aotearoa New Zealand national office, told us that it was the victim of a cyber-attack. It is currently not known what Presbyterian Church information may be affected. Fortunately, only some of our IT networks have been impacted and we are able to continue our work,” says the Presbyterian Church’s Assembly Executive Secretary, Rev Wayne Matheson.
 
“Mercury has advised us that they are working with their forensic experts and Government agencies to understand the nature and extent of the impact on us.  
 
“We do not know yet if Church data has been compromised, but we know in these kinds of attacks this is a possibility and we await more information. We are limiting our public comment on this matter as we do not wish to provide information to those behind this attack; we will share more information when we are able." 
 
“We take our responsibility to protect the privacy and confidentiality of information on our 400 plus churches and 30,000 members extremely seriously. We have taken steps to get impacted systems back up and running, we are taking advice from external advisors, and we are pursuing updates from Mercury IT as they find out more. We have notified the Office of the Privacy Commissioner and the New Zealand Government’s Computer Emergency Response Team (CERT NZ) about this incident." 
 
“We have let our churches know the unsettling news that our data may be affected, and we are keeping them updated."  
 
“We have used this incident as a timely reminder of the need for good personal cyber security for all of us."  
 
“We pray that those responsible for this attack will undo any damage they have done. Forgiveness is an important teaching in our Church,” says Rev Wayne Matheson. 
 
ENDS.