Story image

Computer Lounge online store hit by security breach

05 Nov 18

Auckland-based online computer parts store Computer Lounge has been affected by a security breach.

According to a report from Reddit user Brian McCarthy, the vulnerability had existed for months, but the company had failed to act on it until recently.

The vulnerability could have allowed somebody to extract personal information from the website, however the company says that no credit card details or passwords were compromised. Personal information can still be used for identity theft or be put up for sale on cybercrime marketplaces.

A notice published on the company’s website last weekend admits that Computer Lounge doesn’t know ‘the full extent of the data leaked’, but it is working with a team of data forensics specialists to find out.

“We take full responsibility and would like to assure the public we have done everything in our power to not only right this wrong, but to ensure that such an incident does not happen again,” the notice says. 

“We took down our website to ensure that any impact on our customers was minimised, and are we working with a new team of web developers to develop an updated, robust website, and look forward to sharing this with you very soon.”

Computer Lounge is working with CERT NZ, the Police and the Privacy Commission to mitigate the issue and minimise impact on customers.

A notice posted on Sunday November 4 says: “We would like to reassure our customers that while the site was down we have pushed updates which have fixed the vulnerability. We will keep you posted with any further updates should they be required.”

A number of high-profile security breaches involving New Zealand firms have hit the headlines this year, proving the old adage of ‘it’s not a case of if, but when’.

Earlier this year Z Energy announced that its Z Card online database was ‘accessed by a third party’ back in November 2017.

The third party may have accessed customer data but not bank information or anything that affects customer finances.

“Z takes its data privacy responsibility and threats to cyber security very seriously and is taking steps to ensure that the company learns from this incident,” the company stated at the time.

Vector’s Outage app was also breached this year. It leaked information belonging to 24,000 customers including names, emails, and postal addresses.

Facebook, Ticketmaster, TimeHop, and even the PyeongChang Winter Olympics have been affected by breaches this year.

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Updated: Chch crypto-exchange Cryptopia suffers breach
Cryptopia has reportedly experienced a security breach that has taken the entire platform offline – and resulted in ‘significant losses’.
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.