The Canterbury Earthquake Recovery Authority has increased its online security after malicious software was discovered embedded in its website in July.
A spokesperson said the bug got into the system via an IT supplier's account, which had been attacked.
The software searched for personal details like credit card numbers - however, the authority does not have any information like that on its website.
Its systems have since been reviewed and changed to tighten online security.
The spokesperson said IT suppliers have assured the authority their own security is robust and regularly reviewed.