Story image

Vector's Outage app hit by data breach last month - personal info stolen

04 May 2018

Vector was hit by a data breach last month, which exposed names, phone numbers, emails, and data that could lead to the locations of customers who reported an outage.

The breach happened on April 26, 2018. According to Vector, the attacker leaked details to media organisation Stuff. Stuff has refused to destroy, return or secure the data that was stolen.

On April 27 the company posted a FAQ section that detailed an API vulnerability in its Outage app.

The vulnerability was exploited by an unknown third party, who then hacked the app. The attacker may have gained access to personal information about app users and anyone who had used the app to report an outage.

While personal information may have been compromised, no financial information such as bank account or credit card details were stolen.

Vector says the breach was confined to information provided by customers to the app. The company’s electricity network, financial systems and website were not compromised.

“This data breach comes as we are working to significantly improve our customers’ information experience during an outage, which was a clear problem following a recent storm,” Vector says in a statement.

According to the company’s FAQ, ‘a number of app customers may have been affected by this data breach’. All customers should now be notified either by email or by letter. The email will be sent from privacy@vector.co.nz.

“We have taken the immediate step of disabling the Vector Outage app and withdrawn all customer records which were breached,” the company says.

Customers who want to report or find out about outages must call Vector directly or visit Vector’s website for more information.

“We are working hard to redesign and relaunch our outage app based on customer feedback and performance during the recent storm to create an industry leading customer experience,” Vector says.
 
“We will also be ensuring that our customer data is stored, maintained and managed securely in line with best practice and world standards.”

Vector suggests that customers:

  • Consider your security for online accounts where you’ve used your email address for account identification.
  • Be aware that following this breach, your email address may potentially be the subject of heightened spam activity, and in all cases we recommend you take care when opening emails and/or clicking on links.
  • Note that Vector will never request passwords or financial information from you over email.
  • For more information on how to ensure your information remains safe and how to recognise potential online scams, visit www.netsafe.org.nz

“We ask our customers to be extra vigilant if they receive any unsolicited communication from anyone purporting to be from Vector.”

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.