Top storiesNew ZealandPoliticsBusinessEntertainmentSportsWorld

Security sweep for bugs, phones searched after councillor’s hot mic moment

Thursday, 18 December 2025

A screenshot of Wellington City councillor Ray Chung
A screenshot of Wellington City councillor Ray Chung's phone revealed a 40 minute phone call to Graham Bloxham. 'I have no knowledge of the circumstances in which my phone enabled a third party to listen into our training session and was as shocked as all of you when told,' Chung claimed.

New Wellington City councillors had personal phones taken away and searched and a room was swept for bugs after councillor Ray Chung’s hot mic moment.

And, after Chung’s phone was found left open to controversial social media figure Graham Bloxham during a private session, which was live blogged, Chung issued his rationale for what he said was an honest mistake.

“I have no knowledge of the circumstances in which my phone enabled a third party to listen into our training session and was as shocked as all of you when told by [staff] that our training was being live-streamed,” he emailed all fellow councillors.

READ MORE:

The Post in November revealed details of the incident, that saw Bloxham listening in to a private councillor media training session claiming he was hearing derogatory statements about public figures, including Auckland mayor Wayne Brown.

Now the council, under the Local Government Official Information and Meetings Act, has revealed the flurry of activity when council staff became aware the session had been breached.

Screenshots of Chung’s phone, taken after the incident was uncovered, show he answered an incoming call from Bloxham at 11.10am on November 13. The call lasted exactly 40 minutes. It was followed at 12.09pm with a message from Bloxham: “can you talk?”.

Staff became aware of the breach due to Bloxham posting about it online and stopped the session.

Councillor Jonny Osborne said he and councillor Matthew Reweti gave council staff personal and work phones, along with passwords, so they could be checked.

Osborne and Rewiti both said they volunteered the phones but an email Osborne sent to mayor Andrew Little in the aftermath showed frustration with the incident.

“While I’m aware you aren’t responsible for the behaviour of other councillors, I would like to state that I would be extremely disappointed if Cr Chung was aware of this breach prior to both Cr Reweti and I sharing our devices and passwords – both personal and council – with IT staff.”

Council IT staff discovered Chung was the source of the breach when they searched his phone.

That evening, the council got a two-and-a-half hour sweep of the room by an outside security company, at a cost of $1035. It checked for bugs, “electronic counter surveillance” and included a “detailed physical and technical inspection of the working environment”.

An internal staff email the following day noted, “he took photos and noted the number of sockets opened, readings investigated in the ceiling space etc”.

Little texted Chung, councillor Andrea Compton (who had left the session), and Osborne at 1.27pm on November 13, saying he had “just been advised” of the “serious” breach. Compton said it was “quite distressing” while Osborne asked if there were any immediate steps he should take.

The mayor emailed councillors and senior staff at 4.49pm on the day confirming Chung was the breach.

“He indicated he could not understand how the call could have been answered. He said he would have his phone checked again for whether it has a setting allowing automatic answering. On the basis of the information available, I do not see any further action I can take,” Little said.

Chung, who emailed councillors saying he was “taking advice to understand how it occurred” said he had laid a complaint as Bloxham had allegedly said he “hacked my phone”. Chung did not say who he laid the complaint with.

Bloxham previously said it was not a direct phone line that got him access, rather a recording of the meeting that was supplied to him by an outside source.

He claimed that source got legal remote access to the training via a technical backdoor through a publicly available invite. He would not say whose device the backdoor was on.