Vector's Outage app hit by data breach last month - personal info stolen

04 May 18

Vector was hit by a data breach last month, which exposed names, phone numbers, emails, and data that could lead to the locations of customers who reported an outage.

The breach happened on April 26, 2018. According to Vector, the attacker leaked details to media organisation Stuff. Stuff has refused to destroy, return or secure the data that was stolen.

On April 27 the company posted a FAQ section that detailed an API vulnerability in its Outage app.

The vulnerability was exploited by an unknown third party, who then hacked the app. The attacker may have gained access to personal information about app users and anyone who had used the app to report an outage.

While personal information may have been compromised, no financial information, such as bank account or credit card details, was stolen.

Vector says the breach was confined to information provided by customers to the app. The company’s electricity network, financial systems and website were not compromised.

“This data breach comes as we are working to significantly improve our customers’ information experience during an outage, which was a clear problem following a recent storm,” Vector says in a statement.

According to the company’s FAQ, ‘a number of app customers may have been affected by this data breach’. All customers should now be notified either by email or by letter. The email will be sent from privacy@vector.co.nz.

“We have taken the immediate step of disabling the Vector Outage app and withdrawn all customer records which were breached,” the company says.

Customers who want to report or find out about outages must call Vector directly or visit Vector’s website for more information.

“We are working hard to redesign and relaunch our outage app based on customer feedback and performance during the recent storm to create an industry leading customer experience,” Vector says.
 
“We will also be ensuring that our customer data is stored, maintained and managed securely in line with best practice and world standards.”

Vector suggests that customers:

  • Consider your security for online accounts where you’ve used your email address for account identification.
  • Be aware that following this breach, your email address may potentially be the subject of heightened spam activity, and in all cases we recommend you take care when opening emails and/or clicking on links.
  • Note that Vector will never request passwords or financial information from you over email.
  • For more information on how to ensure your information remains safe and how to recognise potential online scams, visit www.netsafe.org.nz

“We ask our customers to be extra vigilant if they receive any unsolicited communication from anyone purporting to be from Vector.”
