Story image

Vector's Outage app hit by data breach last month - personal info stolen

04 May 18

Vector was hit by a data breach last month, which exposed names, phone numbers, emails, and data that could lead to the locations of customers who reported an outage.

The breach happened on April 26, 2018. According to Vector, the attacker leaked details to media organisation Stuff. Stuff has refused to destroy, return or secure the data that was stolen.

On April 27 the company posted a FAQ section that detailed an API vulnerability in its Outage app.

The vulnerability was exploited by an unknown third party, who then hacked the app. The attacker may have gained access to personal information about app users and anyone who had used the app to report an outage.

While personal information may have been compromised, no financial information such as bank account or credit card details were stolen.

Vector says the breach was confined to information provided by customers to the app. The company’s electricity network, financial systems and website were not compromised.

“This data breach comes as we are working to significantly improve our customers’ information experience during an outage, which was a clear problem following a recent storm,” Vector says in a statement.

According to the company’s FAQ, ‘a number of app customers may have been affected by this data breach’. All customers should now be notified either by email or by letter. The email will be sent from privacy@vector.co.nz.

“We have taken the immediate step of disabling the Vector Outage app and withdrawn all customer records which were breached,” the company says.

Customers who want to report or find out about outages must call Vector directly or visit Vector’s website for more information.

“We are working hard to redesign and relaunch our outage app based on customer feedback and performance during the recent storm to create an industry leading customer experience,” Vector says.
 
“We will also be ensuring that our customer data is stored, maintained and managed securely in line with best practice and world standards.”

Vector suggests that customers:

  • Consider your security for online accounts where you’ve used your email address for account identification.
  • Be aware that following this breach, your email address may potentially be the subject of heightened spam activity, and in all cases we recommend you take care when opening emails and/or clicking on links.
  • Note that Vector will never request passwords or financial information from you over email.
  • For more information on how to ensure your information remains safe and how to recognise potential online scams, visit www.netsafe.org.nz

“We ask our customers to be extra vigilant if they receive any unsolicited communication from anyone purporting to be from Vector.”

How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."