Auckland — McKay, the engineering firm behind major government infrastructure projects, has confirmed a security incident involving the theft of internal company files.
The breach includes documents related to classified government projects. Among them are technical schematics for Waikeria Prison, where McKay served as the lead electrical contractor.
The company states that the investigation is ongoing. Officials are working with cybersecurity specialists to determine the full scope of what was taken.
What We Know
McKay handles automation systems, power distribution, and security infrastructure for government facilities. The stolen files reportedly include:
– Perimeter control schematics
– Power network documentation
– High-security wing infrastructure plans
These are not general design files. They are technical documents used during construction and systems integration.
What This Means
Security experts say the breach highlights a growing vulnerability: contractors with deep access to state assets often have weaker digital defenses than the government agencies they serve.
When documents like these are exposed, the risk isn’t just corporate. It’s operational. Someone with the right technical knowledge could use the files to study facility layouts, identify potential failure points, or plan disruptions.
What McKay Is Doing
McKay issued a statement saying they take the incident seriously. They have engaged an external cybersecurity firm to assist with containment and review. Access to affected systems has been restricted.
The company also noted that they are in communication with government partners about the incident. No operational disruptions have been reported at any facilities tied to the compromised documents.
The Bigger Picture
This is not an isolated case. Over the past several years, contractors in defense, energy, and corrections have become frequent targets. They hold detailed technical data but often operate with fewer security resources than the agencies they support.
For McKay, the challenge now is two-fold: managing the fallout from this breach and re-evaluating how digital security is handled across their operations.
The investigation is expected to take several weeks. More details may be released as they become available.
