Story image

Computer Lounge online store hit by security breach

05 Nov 18

Auckland-based online computer parts store Computer Lounge has been affected by a security breach.

According to a report from Reddit user Brian McCarthy, the vulnerability had existed for months, but the company had failed to act on it until recently.

The vulnerability could have allowed somebody to extract personal information from the website, however the company says that no credit card details or passwords were compromised. Personal information can still be used for identity theft or be put up for sale on cybercrime marketplaces.

A notice published on the company’s website last weekend admits that Computer Lounge doesn’t know ‘the full extent of the data leaked’, but it is working with a team of data forensics specialists to find out.

“We take full responsibility and would like to assure the public we have done everything in our power to not only right this wrong, but to ensure that such an incident does not happen again,” the notice says. 

“We took down our website to ensure that any impact on our customers was minimised, and are we working with a new team of web developers to develop an updated, robust website, and look forward to sharing this with you very soon.”

Computer Lounge is working with CERT NZ, the Police and the Privacy Commission to mitigate the issue and minimise impact on customers.

A notice posted on Sunday November 4 says: “We would like to reassure our customers that while the site was down we have pushed updates which have fixed the vulnerability. We will keep you posted with any further updates should they be required.”

A number of high-profile security breaches involving New Zealand firms have hit the headlines this year, proving the old adage of ‘it’s not a case of if, but when’.

Earlier this year Z Energy announced that its Z Card online database was ‘accessed by a third party’ back in November 2017.

The third party may have accessed customer data but not bank information or anything that affects customer finances.

“Z takes its data privacy responsibility and threats to cyber security very seriously and is taking steps to ensure that the company learns from this incident,” the company stated at the time.

Vector’s Outage app was also breached this year. It leaked information belonging to 24,000 customers including names, emails, and postal addresses.

Facebook, Ticketmaster, TimeHop, and even the PyeongChang Winter Olympics have been affected by breaches this year.

Royole's FlexPai: So bendable phablets are a reality now
A US-based firm called Royole is delivering on that age-old problem of not being able to fold up your devices (who hasn't ever wished they could fold their phone up...)
Why mobile web could be a secret weapon for strategy
On mobile, a poor user experience is exacerbated and design flaws are magnified.
Kiwis losing $24.7mil to scam calls every year
The losses are almost five times higher compared to the same period last year, from reported losses alone.
Four major business risks you should watch out for
"It’s essential for businesses to monitor human behaviour, and apply and enforce policies consistently. The alternative is to lose large amounts of unrecoverable money as a result of people’s actions."
Government still stuck in the past? Not on GovTech's watch
What exactly is GovTech and what’s been happening in our capital city?
Workday – who are they and what do they do?
We quickly summarise everything you need to know about the up and coming business software leader.
Xero weighs in on Fraud Awareness Week
Unfortunately the Xero Security team is all too aware of fraud. We see it affecting our customers and community as an almost daily event.  
"Is this for real?" The reality of fraud against New Zealanders
Is this for real? More often than not these days it can be hard to tell, and it’s okay to be a bit suspicious, especially when it comes to fraud.