Our cyber security and IT forensic experts have now completed their detailed evaluation of the Accuro information that was illegally downloaded from Mercury IT’s environment.

While we have done our best to identify and notify those members who have had information released online that may put them at risk, it is possible that we have not been able to identify and contact everyone.

We recommend that all members continue to be vigilant for any increase in scams, and check out the advice below which details steps that you can take to protect yourself.

For more information on the cyber incident, see our Customer Updates page.

How to protect yourself from cyber scams:

  • Check the senders email address carefully. A good tip is to check that the text after the @ matches the organisation’s official website. Scam emails also often have spelling and grammatical errors.
  • If someone calls you and you are suspicious, don’t be afraid to hang up and contact your service provider direct through a number on the website. It’s OK to be impolite!
  • Check links in emails, especially any asking for personal information or login credentials. Take note of what is called a ‘Uniform Resource Locator’ or ‘URL’ when on a webpage that is asking for your login credentials. This is located in the address bar of your web browser and typically starts with ‘https://’. If you are suspicious of the address, contact your service provider to ensure the URL is valid.
  • Enable additional protections such as multi-factor authentication for your online accounts (e.g. requiring an SMS/text verification) where possible.
  • Ensure you have up-to-date anti-virus software installed on any device you use to access online accounts.
  • Stay alert for mobile phone carriers indicating that your phone is no longer connected to the network where this is unusual, or you have not instructed your mobile phone carrier to terminate the connection. Where this occurs, we recommend alerting your mobile phone carrier of the issue immediately.
  • Review the New Zealand Ministry of Business, Innovation & Employment's Scamwatch guidance on protecting yourself from scams.
  • Remember that it is always good practice to review and not reuse passwords. CERT NZ provides guidance around good password practice here.
  • Always check your bank statements for unusual transactions.
  • Check your credit report yearly (this alerts you to any attempts to open a credit account in your name).
  • Never open or click on links in emails purporting to be from your bank unless you can confirm the email is genuine (if you can’t it is always safer to call). Please also be aware that Accuro will never email you asking you to confirm or change your bank account, unless you have specifically requested us to do so.
  • For further guidance about protecting your identity, you may wish to visit CertNZ’s Scams and Fraud page or the New Zealand Government's ID Theft guidance page.

We are here to support you

Below are some of the organisations that are here to support you should you have any questions or concerns:


We have engaged IDCARE, New Zealand’s national identity and cyber support community service, who can assist you with advice if you have concerns about your information or are seeking guidance on how to protect your information.

To use IDCARE’s services, please visit the Accuro page on the IDCARE website or you can call IDCARE on 0800 121 068. There is no cost to you for engaging with IDCARE.

Please ensure you quote the following referral code when contacting IDCARE: ACC22 and you will be referred to a case manager familiar with the details of the MercuryIT / Accuro cyber incident.

2. Privacy Commissioner

You may also wish to visit the New Zealand Privacy Commissioner website for further information about your privacy rights and tips to stay protected.