Burgled, hacked, and impersonated: An Airbnb owner's nightmare, and a police U-turn

Friday, 5 June 2026

Two suspect vehicles caught on CCTV entering and exiting a Christchurch property where burglars stole a woman's identity and used it to try to defraud Inland Revenue.

A woman who hired a Christchurch Airbnb and threw a party that had to be shut down by police apologised for the incident.

Three weeks later the house was burgled and the homeowner’s identity was stolen and used to try to defraud Inland Revenue.

Police initially stated they could not follow up due to staff shortages, but launched an investigation after Stuff enquiries.

Solving stuff is where we investigate reader complaints and push for answers. You can read more about the project here, and submit your story for consideration at the end of the article.

In this instalment: Weeks after an unauthorised teen’s birthday party at a Christchurch Airbnb, thieves targeted the property and stole thousands of dollars of high-end goods. But, as Natalie Akoorie reports, that wasn’t the end of it.

The problem

A Christchurch couple who rented their home out on Airbnb while they lived with family, were dismayed when the Huntsbury house was burgled.

But that was only the start of their problems.

On May 22, the wife received a call from a neighbour to say the front door at the house was wide open, she said.

Jane, not her real name, discovered a locked cupboard had been broken into.

Expensive bottles of alcohol, designer clothing, handbags and shoes, and the couple’s Dyson vacuum cleaner were missing.

All up Jane estimated about $20,000 of loss.

That same afternoon, Jane began receiving alerts from Inland Revenue (IR) that her user name and email address on myIR had been changed.

The email was changed to a Gmail address using the distinctive name (right down to the middle initial) of a senior Westpac New Zealand employee.

The next day Jane noticed a $900 payment to an online business on one of the couple’s bank accounts.

On May 27, after reporting the burglary to police, Jane went into an IR branch to report the hack on her myIR profile.

“The woman looked at me and said, ‘Have you just had a $12,000 payout?’ and I said, ‘No I have not’.”

What went wrong

Jane said an IR fraud team opened an investigation and found a woman claiming to be Jane called IR 27 times between May 22 and May 25.

“She made up a story that I had a brain injury, and that my husband had left me and I was the sole provider for our two children but I couldn’t work because I had a head injury.”

Jane said IR told her the identity thief claimed Jane had been a solo mother for four years and that she was entitled to back pay under Working for Families, which Jane said she’d never been entitled to previously.

“How did the IRD not verify any of the information this woman provided or conduct any sort of investigation?

“… if they had looked at my taxes they would have seen that I had in fact been working all through the years this woman said she hadn't.”

Inland Revenue could not answer a list of detailed questions about what happened when the identity thief posed as Jane.

The imposter managed to circumvent IR’s security checks with another lie, according to Jane, who had voice authentication set up.

“[IRD told me] how she passed their voice authentication is that she (said she) has long Covid and her voice had changed.”

The imposter would have even had to guess the pronunciation of Jane’s unusual surname.

“This person obviously knew what they were doing. I was quite shocked. Somebody stealing your identity is very distressing.”

Jane asked to listen to the calls in case she recognised the woman’s voice but told Stuff she was told IR could not breach the suspect’s privacy.

“So we have to protect her privacy while she breached mine. The whole thing is ludicrous.”

Jane said a man and a woman also tried to hack the couple’s ANZ bank accounts but couldn’t pass the bank’s voice authentication security check.

She reported the fraud to police, who had already been to the burgled house and taken fingerprints.

Jane discovered through her neighbour’s CCTV that the burglary took place between 2am and 5am and that the suspects returned again at 2.30pm that same day.

“We live in a cul-de-sac and there’s never been a burglary there so I think these people must have been prior (Airbnb) guests.”

She said there was no forced entry and she believed the burglars “let themselves in” with a key, which could have been accessed via the guest key lockbox.

Jane said the CCTV footage showed two vehicles entering and exiting the property several times and she gave a registration number to a police officer.

“And he said, ‘You didn’t hear this from me but this car is registered to a Christchurch address and the person is known to police for these types of offences’.”

Jane said she was told to expect a call but instead she received an email a week after the burglary from the Christchurch Tactical Crime Unit saying they could not investigate.

Police initially told the homeowner they couldn’t investigate because they were short-staffed and busy with a homicide.

“I’m sorry for the bad news. We get around 300-350 files a month that we must triage among a team of 10,” the email, seen by Stuff, said.

“At the moment, due to staff shortages, and commitments to a homicide enquiry over the next two weeks, we have no staff to action any complaints.

“We are also not able to hold a file until we have the capacity as the backlog that would create would be unmanageable.”

The emailer apologised and said the information Jane supplied would be held on file in case the suspect was arrested on other matters.

Jane pointed out to police the suspect had not only stolen from her, but from the taxpayer, but was told the decision was final.

“I just think this is so ridiculous,” she said. “I felt so unprotected by the police.

“If it’s happening to me I bet it’s happening to hundreds of other people and it’s really just showing that the police are not resourced enough.”

By contrast, Jane said the IR fraud investigator had been excellent and she believed IR had managed to reverse the payment made to the imposter.

Jane said the burglary was only a few weeks after the house was booked on Airbnb and used for an unauthorised party.

Jane said a few weeks before the break-in a young woman hired the house and threw a party, despite this not being allowed.

Gatecrashers turned up and “it all got very ugly and an ambulance turned up and the police”, Jane said.

Now she wondered whether a party guest took a key or the lockbox code and was responsible for the crime.

Jane said the burglary wasn’t covered by home and contents insurance because she and her husband didn’t realise they were supposed to change their insurance to cover the property as a rental.

She said the experience had put them off short-term renting and they were now planning to have a long-term tenant in the house.

The most upsetting part of the ordeal, Jane said, was the theft of a precious box of keepsakes she’d collected over the years for her two young children including their baby books, hospital birth tags, cards received when they were born and an engraved Tiffany & Co comb from a Godfather.

“The things in those boxes are priceless to me and I never imagined people would steal that sort of stuff.”

What we did

Stuff sent detailed questions to Inland Revenue with a privacy waiver from the victim but the agency said it could not comment on the private tax affair of any taxpayer.

However, a spokesperson confirmed IR used voice biometrics in its call centre - a technology that created a unique voiceprint for each customer by analysing distinct vocal characteristics.

“When a customer phones our call centre their live voice is matched against this voiceprint to verify their identity.

The first ute leaves the burgled house in the middle of the night with a load of goods.

“It’s part of a broader, layered security approach, which enhances fraud protection.”

The spokesperson said IR actively monitored and continually assessed and responded to emerging risks and threats.

“Through March Inland Revenue noticed a significant uptick in attempts to access myIR accounts.

“This included multiple automated attempts to guess account username/passwords, as well as using stolen credentials either gathered from infostealers (malware running on mobiles and devices that harvest saved passwords and sent back to criminal groups) or stolen devices.”

She said if personal devices were stolen, and they had passwords saved on them for myIR or other sites, a thief would be able to use the devices and stored passwords to access a customer’s account.

We also called and emailed the young woman who had the party at the Airbnb a few weeks before the burglary.

The woman, who Jane understood was turning 18, sent an email to Jane after the party - seen by Stuff - apologising for disrespecting the property.

“As soon as I was told to leave, I tried to do so and respect that as that was the least I could do, but I had unexpected people show up and would not leave the property (sic),” she wrote.

“I tried my best to get them to leave that I ended up calling the police on them (sic).”

A woman who rang Stuff claiming to be the teenager’s friend, contradicted the email, saying there were only about 15 people at the party and they were all known to the host.

She said the pair were unaware of the burglary and knew nothing about the stolen identity.

An unknown SUV arrives at the property in the afternoon. A neighbour later found the door to the house wide open.

She added they would happily co-operate with the police if necessary.

An ANZ spokesperson said the banks’ customer protection systems worked as intended and the customer suffered no financial loss.

“The caller who attempted to access the customer’s account failed to pass ANZ’s voice authentication system and this was noted on the account.

“One unauthorised transaction was made using the customer’s debit card. This was reported by the customer and fraud notification processes were followed.”

The transaction had been reimbursed in full, he said.

The spokesperson said in the six months to the end of March, ANZ prevented and recovered more than $33.7 million in fraud and scam transactions.

Meanwhile, Stuff also Googled the name used in the bogus Gmail address for the myIR hack and discovered it belonged to a senior Westpac employee, who has an online profile.

We alerted Westpac who confirmed it was a fake email address and their employee was not involved in the fraud, and was unaware his name had been used in the email.

Stuff also wrote to that email address asking to speak to its creator, and rang a number they provided IR, which went straight to a mail box without the ability to leave a message.

Did we solve it?

It was only after Stuff sent questions to police asking whether it was good enough not to investigate a crime because of under-resourcing, that a detective rang Jane.

In a statement to Stuff, acting Canterbury District Commander Inspector Greg Murton said he had reviewed the case and it had been referred for follow up “given the lines of enquiry that exist”.

“I have also personally spoken with the Fraud team supervisor to ensure it is given priority,” Murton said.

“The victim was contacted by the Fraud team supervisor yesterday (Wednesday) and advised that her case is now being actively investigated.

“We acknowledge the wording of the message sent to the victim likely compounded the distress this matter has caused her.”

Murton said police recognised the significant impact crimes such as fraud and identify theft had on victims and worked diligently to assess and investigate such reports.

Jane, who did not want her real name used because of the identity theft, said she offered police multiple chances to change their decision not to investigate and was grateful Stuff’s enquiries had made a difference.

“Thank you for making them take notice but I do feel for the people that don’t have the luxury of being able to talk to a journalist.”

The New Standard: If it’s unfair to you, it’s fair game for us.

Use the form below to tell us who is giving you the runaround. Or email natalie.akoorie@stuffdigital.co.nz