MediaWorks Cyberattack Confirmed: NZ Citizens’ Data Exposed

The , linked to oneERA, compromised 2.46M PII records of New Zealanders.

by Ashish Khaitan March 19, 2024 in Data Breach News, Firewall Daily Reading Time: 3 mins read 0

595 SHARES 3.3k VIEWS Share on LinkedInShare on Twitter

MediaWorks, a prominent media company, has confirmed a cyberattack in a recent update. The MediaWorks cyberattack came to light on the evening of March 14 when the threat claimed the attack on a dark web forum.

The company responded by shifting all current competition entries to a new secure database after claims surfaced regarding a breach affecting data from website competition entries.

In a statement titled “An update regarding MediaWorks' cyber security incident,” the company emphasized its commitment to data security and assured stakeholders that its technology team, in collaboration with external experts, was actively investigating the .

Source: MediaWorks

The company expressed regret for any inconvenience caused and pledged to share more information as it became available.

Decoding the MediaWorks Cyberattack

OneERA, a threat actor operating on the dark web, asserted responsibility for the MediaWorks cyberattack. The breach reportedly resulted in the unauthorized access of a significant 2,461,180 records purportedly containing personally identifiable information (PII) of individuals in New Zealand.

Source: Dark Web

The compromised data, as claimed by OneERA, encompassed sensitive particulars, including full names, addresses, mobile numbers, email addresses, dates of birth, and additional details.

In a dark web post laying claim to the MediaWorks cyberattack, the perpetrator stated, “Guys, we have stolen 2,461,180 New Zealand citizens' data from mediaworks.co.nz. We plan to sell this data, so please contact us as soon as possible if you're interested. The data we successfully stole include: [Citizens' names, home addresses, mobile numbers, email addresses, dates of birth, home phone numbers, user postal codes, user genders, Userlds]”.

Despite this alarming revelation, MediaWorks officials have remained silent on the matter in their public statements, neither confirming nor denying the hacker's claims.

Moreover, on the BreachForums, OneERA publicly advertised the sale of the pilfered PII data, alongside supplementary private materials like survey responses, videos, music content, and electoral information. Dated March 14, 2024, the post delineated the scope of the and urged prospective purchasers to initiate private communication for further details.

The Aftermath of the Cyberattack on MediaWorks 

The aftermath of the cyberattack saw hackers connected to the breach resorting to blackmail tactics. Victims were threatened with the public release of their private information unless they complied with the hackers' demands. According to reports from Newshub, individuals affected by the breach received emails from the hackers, indicating that their data had been compromised.

The hackers, dissatisfied with MediaWorks' response to their initial negotiation attempts, demanded a ransom of US$500 (approximately NZ$820) in Bitcoin to prevent the public disclosure of the data. They warned recipients that time was of the essence, emphasizing the urgency of the situation.

In response to these developments, MediaWorks acknowledged the direct approaches made by the hackers to individuals affected by the breach. The company urged anyone with concerns to reach out to its privacy office at for assistance. 

This is an ongoing story and The Cyber Express will be closely monitoring the situation and has reached out to MediaWorks to learn more about this data breach and the numbers asserted by the threat actors. TCE will update this post once more information is received on the MediaWorks cyberattack or any further notices from the organization. 


Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button