Story image

Computer Lounge online store hit by security breach

05 Nov 2018

Auckland-based online computer parts store Computer Lounge has been affected by a security breach.

According to a report from Reddit user Brian McCarthy, the vulnerability had existed for months, but the company had failed to act on it until recently.

The vulnerability could have allowed somebody to extract personal information from the website, however the company says that no credit card details or passwords were compromised. Personal information can still be used for identity theft or be put up for sale on cybercrime marketplaces.

A notice published on the company’s website last weekend admits that Computer Lounge doesn’t know ‘the full extent of the data leaked’, but it is working with a team of data forensics specialists to find out.

“We take full responsibility and would like to assure the public we have done everything in our power to not only right this wrong, but to ensure that such an incident does not happen again,” the notice says. 

“We took down our website to ensure that any impact on our customers was minimised, and are we working with a new team of web developers to develop an updated, robust website, and look forward to sharing this with you very soon.”

Computer Lounge is working with CERT NZ, the Police and the Privacy Commission to mitigate the issue and minimise impact on customers.

A notice posted on Sunday November 4 says: “We would like to reassure our customers that while the site was down we have pushed updates which have fixed the vulnerability. We will keep you posted with any further updates should they be required.”

A number of high-profile security breaches involving New Zealand firms have hit the headlines this year, proving the old adage of ‘it’s not a case of if, but when’.

Earlier this year Z Energy announced that its Z Card online database was ‘accessed by a third party’ back in November 2017.

The third party may have accessed customer data but not bank information or anything that affects customer finances.

“Z takes its data privacy responsibility and threats to cyber security very seriously and is taking steps to ensure that the company learns from this incident,” the company stated at the time.

Vector’s Outage app was also breached this year. It leaked information belonging to 24,000 customers including names, emails, and postal addresses.

Facebook, Ticketmaster, TimeHop, and even the PyeongChang Winter Olympics have been affected by breaches this year.

Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
SIS announces a partnership with Platform 4
“We are looking forward to a strong future in the New Zealand security industry with this global giant as our strategic partner."
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.