Neighbourly, the community social network owned by Stuff Group, has confirmed a cyber incident that led to unauthorised access to member information in New Zealand.
In an email sent to users around midday on Jan. 3, the platform said “some data from registered users had been breached” following a security incident involving its systems. The company said it temporarily took the site offline while it investigated the incident and worked on restoring its systems. “We are now satisfied that the breach was quickly contained, and we have restored the Neighbourly site and services,” the communication to members stated, as reported by 1News.
According to that notification, the information accessed without authorisation included names, email addresses, GPS coordinates, some phone numbers, public forum posts, and direct member messages. The company said login credentials were not included in the compromised data set, but “some publicly advertised event and business addresses were included.” Neighbourly said it intends to pursue legal remedies in response to the theft and potential misuse of information. “Following best practice, we will look to seek a court injunction against any use of the material,” it said. For cyber insurers and brokers, the incident raises questions about privacy exposure, potential claims from affected users, and the extent of cover for legal and response costs tied to efforts to limit the spread and use of stolen data.
Neighbourly has since obtained a High Court order aimed at restricting the circulation and use of the stolen information. Judge Johnstone of the High Court in Auckland granted an injunction preventing people from accessing or using data taken in the breach. A company spokesperson said the platform was taken down as part of confirming the extent of the compromise and identifying the source of the unauthorised access. The spokesperson said the organisation is working with government agencies and external security firms as it responds to the incident. “Neighbourly is now focused on working with authorities including the National Cyber Security Centre on any next steps, and will continue to publish information for members on how to avoid scammers who are particularly prevalent at this time of year,” the spokesperson said, as reported by Stuff.
Activity linked to the incident has reportedly surfaced on criminal marketplaces. Dark web monitoring site Daily Dark Web said a “threat actor” had attempted to sell information allegedly connected to Neighbourly. “A threat actor has listed a massive database allegedly belonging to the platform for sale,” the website reported. For the insurance sector, the case shows that a breach at a community or consumer platform can move from a technical incident to legal proceedings, regulatory scrutiny, and potential notification obligations under privacy and cyber policies.
The Neighbourly breach comes soon after a separate attack on major patient portal Manage My Health (MMH), in which threat actors accessed personal health documents for about 120,000 people. The group behind the attack initially demanded around $104,000 and threatened to sell or release stolen records if payment was not made. According to reporting by Stuff, the attackers began posting samples of sensitive files on the dark web and said they would release “everything they have” if they were not paid within 48 hours. That first deadline passed at 5:37am on Jan. 6. The attackers later said they had entered discussions with MMH and would “not share the files during the communication period,” while setting a new deadline of 5am on Jan. 9. MMH has not publicly stated whether it intends to pay.
In a Jan. 6 update, MMH said an independent forensic review concluded that the incident was limited to the “My Health Documents” module of the system. The company reported that approximately 6% to 7% of 1.8 million registered users of that module had documents accessed. Data within the portal’s core module – including appointments, prescriptions, and Health Record information – was not accessed, according to MMH, with external specialists reporting no evidence of unauthorised activity in those core functions. From an insurance perspective, the MMH case involves several areas of potential exposure: privacy and regulatory response costs, liability linked to sensitive health data, business interruption, and the treatment of ransom demands, negotiations, and any associated service providers under cyber policies.
Recent research and official data indicate that the Neighbourly and MMH breaches are occurring in a region already experiencing elevated levels of cyber activity. A global survey commissioned by security vendor Arctic Wolf found that 85% of responding organisations in Australia and New Zealand reported at least one cyber incident in the previous year, compared with 76% of respondents worldwide. Nearly three-quarters of local organisations that received ransomware demands said they paid at least one ransom to prevent data exposure, and 91% of those that paid used external negotiators. Fewer than half reported securing any reduction in the initial demand.
The National Cyber Security Centre’s (NCSC) Cyber Security Insights report for the third quarter of 2025 (Q3 2025) recorded 1,249 incident reports between July 1 and Sept. 30, 2025. Direct financial losses reported to the NCSC reached $12.4 million for the quarter, a 118% increase from $5.7 million in the prior quarter, driven by a small number of high-value cases involving unauthorised or falsified money transfers.
The NCSC said 110 incidents were escalated for specialist technical support because they were considered of potential national significance, compared with 56 such incidents in the previous quarter. Reports involving malicious software also increased, while scams and fraud remained the most frequently reported incident category. The agency noted a 50% rise in scams linked to employment and business opportunities.
For New Zealand insurers, reinsurers, and intermediaries, these patterns point to continuing pressure on cyber pricing, sublimits, retentions, and underwriting standards, particularly for organisations that hold large volumes of personal, financial, or health data. The incidents are also likely to shape how insureds approach incident response planning, their engagement with brokers and carriers during a cyber event, and their alignment with guidance from the NCSC and other authorities.
