🔒 breach.co.nz

Methodology

breach.co.nz is an index of public record. We report data breaches that regulators, courts or the affected organisations have already made public. We make no original allegations, take no public breach submissions, and never host or link to breached data itself.

Scope

New Zealand and Australia, from 2018. We cover "official + major-news" breaches — anything with regulator or court action, plus significant, credibly-reported incidents. Note: a headline using the word "breach" is not always a data breach — physical-security and service-availability incidents are out of scope.

Two-tier trust model

Tier A — Confirmed: sourced from a regulator or a court. Published as fact.
Tier B — Reported: credible media / company disclosure before regulator action, labelled "Reported — awaiting official confirmation." We publish a Tier-B record only once the organisation has admitted the breach and it is in the hands of an authority.

We never assert a figure we don't have a source for — we label the gap instead of estimating it.

Corrections & right of reply

Every record exposes a correction path. We amend or remove on verified request: breach@govern.co.nz.