A March cyber attack on the Hutt City Council – that originated from a staff member responding to a phishing email – has exposed the identity and financial information of hundreds of people to hackers

By Justin Wong of Local Democracy Reporting

The council has confirmed the phishing attack compromised the identity information of five people and 732 people might have had financial information compromised through email correspondence.

It declined a Local Government Official Information and Meetings Act request by Local Democracy Reporting for the full public-excluded report on the incident submitted to the Audit and Risk Subcommittee meeting on Tuesday.

However, it revealed on Wednesday that the attack originated from a staff member responding to a phishing email, which gave attackers access to “a small number” of email accounts. They sent malicious internal and external emails and triggered the council’s cyber security incident response.

“Once identified, the immediate risk was contained within a short period, although investigation and assessment of the impact has continued over subsequent days.”

It called the March incident "deeply regrettable", adding all those affected had been contacted and notified of the steps to be taken in response.

"We unreservedly apologise to anyone affected by this attack. Any exposure of personal information is not acceptable," the council said.

"As criminals use AI to carry out more frequent and sophisticated attacks, they can automate scams, avoid detection, and adapt to security measures. This makes strong monitoring, quick response, and clear reporting essential to protect our systems."

Chief executive Jo Miller said on Wednesday the council had reported the incident to the Office of the Privacy Commissioner.

"We are sorry this has occurred and acknowledge the concern it may have caused. It’s a reminder to us of the need to handle data with sufficient care. We want to reassure the community that additional safeguards have been put in place and system security strengthened.

"We have brought forward our work programme that includes further mitigations to protect council information and prevent any further attack of this nature."

– Local Democracy Reporting is local body journalism co-funded by RNZ and NZ On Air

New ZealandPoliticsWellington

SHARE ME

More Stories

TVNZ Political Editor Maiki Sherman.

TVNZ's political editor suspended from Parliament

Parliament's Speaker Gerry Brownlee made the ruling this afternoon.

4:41pm

Reserve Bank governor Dr Anna Breman.

Major change coming to Reserve Bank's OCR decisions

Reserve Bank governor Dr Anna Breman said the agreement to update the committee's charter is part of a wider effort to increase transparency at the Reserve Bank.

12:02pm

Winston Peters and Christopher Luxon in 2025

Clark wonders if coalition will 'last much beyond the Budget' amid Iran spat

Her comments came after Luxon and Peters held talks following the release of emails over New Zealand's stance on the US-Israeli bombing of Iran.

10:09am

8:46

The morning's headlines in 90 seconds, including rumours of crisis talks in the coalition, and why Donald Trump's talking about UFOs.

News in 90 Seconds April 30

The morning's headlines in 90 seconds, including rumours of crisis talks in the coalition, and why Donald Trump's talking about UFOs.

9:08am

1:30

Karen Wardill, pictured with her husband Greg, started a petition calling for a crackdown on dangerous driving in Mount Maunganui..

'Dangerous and noisy': Mount residents push for boy racer crackdown

Resident Karen Wardill has more than 1250 signatures for her petition calling on authorities to crack down on "boy racers" cruising main streets at the Mount.

9:08am

1:30

Christopher Luxon and Winston Peters. Photo: RNZ / Samuel Rillstone

Luxon, Peters hold talks after emails reveal clash over NZ's Iran war stance

The Prime Minister says he called Winston Peters to his Beehive office on Wednesday night where he told him he expected better political judgement from his foreign minister.

8:18am

9:22

Latest

Popular

7:30pm

Experts warn of rising lead risks in Africa's solar energy boom

A man walks along an alley in Owino Uhuru village, an informal settlement in Mikindani, Mombasa County, Kenya, on April 10, 2026.

7:25pm

Nearly 200,000 misled by City Fitness membership prices - Comm Comm

City Fitness St Lukes, Auckland. (Source: Google Maps)

6:30pm

Hunt for abductor ramps up after tragic discovery in Outback

Sharon Granites, 5, has been missing since Anzac Day. (Source: NT Police)

6:16pm

French teen charged in Singapore over vending machine straw-licking

Plastic straws (file image).

5:39pm

Pharmac 'actively managing supply issues' for two forms of HRT

A hormone replacement therapy (HRT) oestrogen patch on a person's arm (file image).

5:00pm

Where will oil prices go now the UAE is leaving OPEC?

2:37

An oil technician climbs down a tower at a refinery in Jebel Ali, United Arab Emirates, about 30 kilometers (18 miles) south of Dubai, in March 2004.
1
2
3
4
5
6

More from Entertainment

Broadcaster Polly Gillespie was the second eliminated from the show's seventh season.

Classic Polly Gillespie - injury mishap ends her Celebrity Treasure Island dream

Her island stumble marked only the latest chapter in a lengthy catalogue of very Polly-style chaos.

6:00am

Sam Neill

'I was on the way out': Sir Sam Neill says he's cancer free

Sir Sam credited his status to an experimental form of treatment, calling it "science at its best".

Wednesday 12:14pm

The radio host likened the experience of being on Celebrity Treasure Island to being "in prison" because of how quickly the cast bonded with one another. 

Simon Barnett: 'I legitimately hate watching myself back'

Wednesday 8:26am

Rebel Wilson arrives at Federal Court in Sydney on April 28, 2026 in Sydney, Australia.

Smiles as Rebel Wilson set to testify in fight with co-star

Tue, Apr 28

Simon Barnett is a team captain.

Simon Barnett shares emotional reunion in Celebrity Treasure Island premiere

Tue, Apr 28