New Zealand’s Commerce Commission Possible Data Breach Over Stolen Laptop


New Zealand’s Commerce Commission (ComCom) is caught up in a serious security concern after a laptop containing over 200 meeting and interview transcripts carried out by the office was taken in the burglary.

In a statement released on Tuesday, Oct 8, the Commission said it was notified about the theft last week and that the laptop belonged to an “external provider” who doesn’t use password protection.


“The Commission was informed last week that more than 200 meetings and interview transcripts across a range of the Commission’s work were contained on computer equipment stolen in a burglary. The transcripts may date back to early 2016 and contain some confidential information businesses and individuals have provided the Commission,” the statement revealed.

In a media interview, Commerce Commission chair Anna Rawlings said the Commission is currently working with the authorities and is reaching out to those who are potentially affected by the theft.

New Zealand’s Commerce Commission Data Breach


Some of the information affected by the breach are said to include sensitive data and is subject to a confidentiality order issued by the Commission under section 100 of the Commerce Act.

“This makes it a criminal offense for any person in possession of the devices or information from the devices to disclose or communicate it to anyone while the orders are in force. We are also exploring other potential legal avenues to help protect the confidentiality of the information,” said Chief Executive Adrienne Meikle in the release.

“We will also no longer be using the external provider. It was subject to contractual and confidentiality obligations to ensure that information was stored securely and deleted after use. The provider has informed us it did not meet these obligations,” she added.

To date, the total number of individuals included in the breach is not yet disclosed. The Commission also refused to name the company provider responsible for the stolen equipment as it may affect the police investigation and privacy of people possibly affected by the breach.

“While this breach has resulted from criminal activity and our provider failing to meet the obligations we placed on it, it is our job to keep sensitive information safe and we apologize unreservedly to those affected. We acknowledge the distress this incident may cause businesses and individuals who have provided information to us in confidence,” Chief Executive Meikle added.

The Commission also advised businesses and individuals interviewed by the office since 2016 to contact them as soon as possible.