Cyber incident
NZ Citizen made this Official Information request to Auckland University of Technology
The request was refused by Auckland University of Technology.
From: NZ Citizen
Dear Auckland University of Technology,
On the 22nd of September 2023, a cyber attack on AUT was reported in the media. There was also a notification of such incident in the AUT Student app. StuffNZ reported that the ransomware group called "Monti" claimed responsibility for this incident, and is threatening to release the data next month.
I kindly request the following information regarding this situation.
1. What information appears to have been targeted and/or obtained by the Monti group?
2. Have the students or facility members who have, or are likely to have, had their information breached been made aware of this likelihood?
3. How did the Monti group gain access to these systems? More specifically, what exactly what exploited? For example, was this the affect of a Trojan horse, brute force attack, a physical exploitation etc.
4. With regard to question 3, what, if any, measures have been taken to ensure such incident does not occur again?
5. Does AUT intend to pay a "ransom" to the Monti group to ensure such data is not leaked?
6. If possible, please provide a sequence of events regarding this incident with the time of attack, the time the attack was noticed by staff, the time when steps were taken to prevent/stop the attack and/or anything relevant to this situation.
Finally, in accordance with section 12(3) of the Official Information Act 1982, I am requesting this release of information to be treated as a matter of urgency for the following reasons:
1. There is significant media interest in this incident.
2. As there is a potential breach of information, it is highly important that the facts of this incident are released without delay.
3. The Monti group has threatened to release the data breached in this incident next month.
Yours faithfully,
NZ Citizen
From: NZ Citizen
Dear Auckland University of Technology,
I requested this to be responded to with urgency, and I have not received any confirmation you have received my OIA request. I quote the request regarding urgency below:
"Finally, in accordance with section 12(3) of the Official Information Act 1982, I am requesting this release of information to be treated as a matter of urgency for the following reasons:
1. There is significant media interest in this incident.
2. As there is a potential breach of information, it is highly important that the facts of this incident are released without delay.
3. The Monti group has threatened to release the data breached in this incident next month."
When can I expect my OIA request to be responded to, and why was this not handled under urgency as requested?
Yours faithfully,
NZ Citizen
From: Alison Sykora
Auckland University of Technology
Kia ora
Please find attached response to your OIA request.
Yours sincerely
Alison
From: NZ Citizen
Dear Alison Sykora,
I do not accept that this is justified. I will be complaining to the Ombudsman.
If you are to reconsider, please let me know urgently.
I also do not think it’s suitable it took this long to receive a response for you to simply deny it.
Yours sincerely,
NZ Citizen
Things to do with this request
- Add an annotation (to help the requester or others)
- Download a zip file of all correspondence
Offensive? Unsuitable?
Requests for personal information and vexatious requests are not considered valid requests for Official Information (read more).
If you believe this request is not suitable, you can report it for attention by the site administrators
Report this request