Media statement: PCANZ affected by cyber incident

7 December 2022

“On 30 November, Mercury, the external IT provider for the Presbyterian Church of Aotearoa New Zealand national office, told us that it was the victim of a cyber-attack. It is currently not known what Presbyterian Church information may be affected. Fortunately, only some of our IT networks have been impacted and we are able to continue our work,” says the Presbyterian Church’s Assembly Executive Secretary, Rev Wayne Matheson.
 
“Mercury has advised us that they are working with their forensic experts and Government agencies to understand the nature and extent of the impact on us.  
 
“We do not know yet if Church data has been compromised, but we know in these kinds of attacks this is a possibility and we await more information. We are limiting our public comment on this matter as we do not wish to provide information to those behind this attack; we will share more information when we are able." 
 
“We take our responsibility to protect the privacy and confidentiality of information on our 400 plus churches and 30,000 members extremely seriously. We have taken steps to get impacted systems back up and running, we are taking advice from external advisors, and we are pursuing updates from Mercury IT as they find out more. We have notified the Office of the Privacy Commissioner and the New Zealand Government’s Computer Emergency Response Team (CERT NZ) about this incident." 
 
“We have let our churches know the unsettling news that our data may be affected, and we are keeping them updated."  
 
“We have used this incident as a timely reminder of the need for good personal cyber security for all of us."  
 
“We pray that those responsible for this attack will undo any damage they have done. Forgiveness is an important teaching in our Church,” says Rev Wayne Matheson. 
 
ENDS.