Saint Kentigern College cyber attack: Auckland private school warns of phishing emails, data breach

Saint Kentigern College. Photo / Jason Oxenham

• Parents and alumni of Saint Kentigern College are warned of a potential data breach and phishing scams.
• Executive trustee Kevin Morris said some data, like names and emails, may have been accessed.
• The school has engaged cybersecurity experts and is investigating the incident with appropriate authorities.

Parents of students and alumni of a top Auckland private school are being warned their data held by the school may have been breached by a cyber attack and people should watch out for email phishing scams.

Saint Kentigern College executive trustee Kevin Morris wrote to the school community, saying the board was aware an email had been received by some “members of our community”.

“Initial findings indicate that some data such as names and emails may have been accessed or exfiltrated. However, we believe that key information has not been compromised but investigation continues,” he said.

“We encourage everyone to remain vigilant and monitor your accounts for any unusual activity. If you notice anything suspicious, please contact our team.”

Another email alert from Morris warned the phishing email “did not come from us”, and urged receivers to delete it immediately.

“If you have already clicked on a link or provided any information, we recommend you take immediate action to protect your information,” he said.

A college spokesperson told the Herald they were unable to go into detail on the situation “for security reasons”.

“We have engaged external cybersecurity experts and conducted a thorough forensic investigation. To the best of our knowledge, we have achieved containment of this incident and believe no significant information has been compromised,” they said.

“We are proceeding with caution and continuing to investigate this closely working with cybersecurity experts and appropriate authorities.”

The Privacy Commissioner said it had been notified of the incident by the Saint Kentigern Trust Board.

“As with any breach, they will need to investigate to fully ascertain the size and scope of the breach and its impact,” a spokesperson said.

“Our focus in this situation is to provide agencies who have experienced a breach with advice on how to minimise the harm on any individuals impacted.”

Police told the Herald they were unable to locate any report of hacking or cybercrime that had been made to them from Saint Kentigern College’s address. However, they noted the matter could have been reported to the Government’s Computer Emergency Response Team (Cert NZ) or the non-profit organisation NetSafe instead.

Raphael Franks is an Auckland-based reporter who covers breaking news. He joined the Herald as a Te Rito cadet in 2022.

Sign up to The Daily H, a free newsletter curated by our editors and delivered straight to your inbox every weekday.