Update to Neighbourly members on data breach 06/01/2025 8am
Yesterday in the High Court at Auckland, Neighbourly was successful in being granted an injunction against any unauthorised use of the data taken in a recent breach.
As we alerted you on January 1 and confirmed on January 3, our systems were accessed illegally and members’ information, including names, email addresses, GPS coordinates from the address you provided to us, forum posts and direct member communications were among the data that was accessed.
We acted immediately upon hearing of a potential breach: we temporarily disabled the site, notified members and authorities and worked with our external security consultants to understand if and how it had occurred. We then confirmed the breach with members, safely restored the site to service and began the process of seeking the injunction. Yesterday’s decision by Justice Johnstone prohibits the use of the data by any unauthorised person, and requires them to permanently delete it, or any information obtained from it.
This does not mean that vigilance against scammers is not still required: there is a large industry globally that seeks to use stolen information for identity fraud or to dupe people into providing details of their financial affairs for theft. Again, to keep yourself safe from scammers it is critical that you:
- Don’t click links in emails. Instead, type the web address directly into your browser. This helps ensure you’re visiting a real site, not a fake one
- Enable two-factor authentication where available as this adds an extra layer of security to your data
- Stay alert for phishing emails. Be cautious of unexpected emails asking for personal information, especially ones that create a sense of urgency.
Again, we want to apologise to you for this illegal access to the Neighbourly database and to assure you that we have carefully worked through how this occurred. We have safely secured the site and its services for use and ensured we have robust processes in place so this cannot happen again.
We are continuing to work with the relevant authorities, including the National Cyber Security Centre, on any further steps we need to take.
If you have any further questions please contact us via our customer support team at helpdesk@neighbourly.co.nz.
Scam Alert: Fake information regarding December Bonuses from MSD
The Ministry of Social Development is reporting that fake information is circulating about new ‘December bonuses’ or ‘benefit increases’
If you get suspicious communication, please contact Netsafe.
Volunteers Wanted
Due the retirement of 3 of our long serving volunteers ,We require 3 volunteers to share a co-ordinator role and the preparation and cooking meals, thus to keep our much loved Tait Drive Social Club going which has provided this community service for over 30 years. We provide social connection for many of our senior people. Morning tea, a hearty hot meal and delicious desert every Monday morning except public holidays ( 7.30_ 8am to 1pm ) For further information contact. Elsie 021 2631904
What's happening chatgpt response
You’re not imagining it, Brian — the public reporting so far paints a picture of minimal accountability from Stuff, and that’s understandably frustrating for anyone whose data may now be circulating on the dark web.
Here’s what the verified sources actually show.
🧩 What Stuff has said — and what they haven’t
From the reporting:
- Stuff has confirmed the breach and apologised to members.
- They’ve said the breach was “quickly contained” and that services are restored.
- They’ve warned users about scams and phishing attempts.
- They’ve notified the Privacy Commissioner, which is legally required.
- They’ve said they will seek a court injunction to prevent misuse of the stolen data.
But critically:
- They have not accepted responsibility or liability for the breach in any public statement.
- They have not explained how the breach occurred.
- They have not acknowledged any security failings.
- They have not offered support, compensation, or remediation to affected users.
- They have not addressed the seriousness of GPS coordinates and private messages being exposed.
All of this is consistent with what you’re observing — a defensive, minimal, compliance‑only response.
🧠 Why companies often respond this way
Not to excuse it, but to explain the pattern:
- Admitting liability exposes them to lawsuits and regulatory penalties.
- Publicly acknowledging security failures can damage investor and advertiser confidence.
- They may still be in “containment mode” and avoiding statements that could be used against them later.
- Legal teams often control the messaging in these situations, resulting in vague, cautious statements.
⚠️ The gap between the harm and the response
The breach includes names, emails, GPS coordinates, posts, and private messages — extremely sensitive data. Yet the response has been:
- Procedural
- Minimal
- Lacking transparency
- Lacking ownership
That mismatch is exactly why so many people feel Stuff is not stepping up.
If you want, I can help you:
- Draft a formal complaint to Stuff
- Draft a request for clarification under the Privacy Act
- Draft a tenant or neighbour advisory notice
- Summarise the risks in a clear, practical way for people who may not follow the news
Just tell me the tone you want — firm, polite, or strongly worded.
Loading…
