sb-nz logo
Story image

Computer Lounge online store hit by security breach

05 Nov 2018

Auckland-based online computer parts store Computer Lounge has been affected by a security breach.

According to a report from Reddit user Brian McCarthy, the vulnerability had existed for months, but the company had failed to act on it until recently.

The vulnerability could have allowed somebody to extract personal information from the website, however the company says that no credit card details or passwords were compromised. Personal information can still be used for identity theft or be put up for sale on cybercrime marketplaces.

A notice published on the company’s website last weekend admits that Computer Lounge doesn’t know ‘the full extent of the data leaked’, but it is working with a team of data forensics specialists to find out.

“We take full responsibility and would like to assure the public we have done everything in our power to not only right this wrong, but to ensure that such an incident does not happen again,” the notice says. 

“We took down our website to ensure that any impact on our customers was minimised, and are we working with a new team of web developers to develop an updated, robust website, and look forward to sharing this with you very soon.”

Computer Lounge is working with CERT NZ, the Police and the Privacy Commission to mitigate the issue and minimise impact on customers.

A notice posted on Sunday November 4 says: “We would like to reassure our customers that while the site was down we have pushed updates which have fixed the vulnerability. We will keep you posted with any further updates should they be required.”

A number of high-profile security breaches involving New Zealand firms have hit the headlines this year, proving the old adage of ‘it’s not a case of if, but when’.

Earlier this year Z Energy announced that its Z Card online database was ‘accessed by a third party’ back in November 2017.

The third party may have accessed customer data but not bank information or anything that affects customer finances.

“Z takes its data privacy responsibility and threats to cyber security very seriously and is taking steps to ensure that the company learns from this incident,” the company stated at the time.

Vector’s Outage app was also breached this year. It leaked information belonging to 24,000 customers including names, emails, and postal addresses.

Facebook, Ticketmaster, TimeHop, and even the PyeongChang Winter Olympics have been affected by breaches this year.

Story image
Five big security questions facing CISOs
Given the global pandemic and the sudden shift in how the workforce operates, the CISOs worldwide have faced an unprecedented set of challenges. Several months into the transition, new struggles continue to arise, while many of the original ones remain unanswered.More
Story image
SMEs treading water against 'endless volley' of cyber-attacks — report
According to a new report from Cynet, these SMEs are resorting to outsourcing some aspects of their threat mitigation in order to safeguard IT assets, as a result of the heightened risk of serious breaches.More
Story image
First AML awarded Privacy Trust Mark
“First AML conducts regular, detailed staff privacy and security training sessions and employs regular third-party audits that go above and beyond what is required by law."More
Story image
IT professionals destroying end-of-life hardware over fears of data breaches - report
IT directors are destroying end of life tech hardware as opposed to erasing its data out of fear of making a mistake and facing data breaches.More
Story image
Sophos Rapid Response puts out the ransomware fire
“Attackers are using a range of techniques and whichever defence has a weakness is how they get in. When one technique fails they move on to the next, until they find a weak spot."More
Story image
Google Cloud announces availability of zero trust platform BeyondCorp Enterprise
The platform directly replaces BeyondCorp Remote Access, which was brought to the market in April 2020 as Google’s first foray into the zero trust space.More