Story image

Vector's Outage app hit by data breach last month - personal info stolen

04 May 18

Vector was hit by a data breach last month, which exposed names, phone numbers, emails, and data that could lead to the locations of customers who reported an outage.

The breach happened on April 26, 2018. According to Vector, the attacker leaked details to media organisation Stuff. Stuff has refused to destroy, return or secure the data that was stolen.

On April 27 the company posted a FAQ section that detailed an API vulnerability in its Outage app.

The vulnerability was exploited by an unknown third party, who then hacked the app. The attacker may have gained access to personal information about app users and anyone who had used the app to report an outage.

While personal information may have been compromised, no financial information such as bank account or credit card details were stolen.

Vector says the breach was confined to information provided by customers to the app. The company’s electricity network, financial systems and website were not compromised.

“This data breach comes as we are working to significantly improve our customers’ information experience during an outage, which was a clear problem following a recent storm,” Vector says in a statement.

According to the company’s FAQ, ‘a number of app customers may have been affected by this data breach’. All customers should now be notified either by email or by letter. The email will be sent from privacy@vector.co.nz.

“We have taken the immediate step of disabling the Vector Outage app and withdrawn all customer records which were breached,” the company says.

Customers who want to report or find out about outages must call Vector directly or visit Vector’s website for more information.

“We are working hard to redesign and relaunch our outage app based on customer feedback and performance during the recent storm to create an industry leading customer experience,” Vector says.
 
“We will also be ensuring that our customer data is stored, maintained and managed securely in line with best practice and world standards.”

Vector suggests that customers:

  • Consider your security for online accounts where you’ve used your email address for account identification.
  • Be aware that following this breach, your email address may potentially be the subject of heightened spam activity, and in all cases we recommend you take care when opening emails and/or clicking on links.
  • Note that Vector will never request passwords or financial information from you over email.
  • For more information on how to ensure your information remains safe and how to recognise potential online scams, visit www.netsafe.org.nz

“We ask our customers to be extra vigilant if they receive any unsolicited communication from anyone purporting to be from Vector.”

GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Meet Rentbot, the chatbot that can help with tenancy law
If you find yourself in a tricky situation  - or if you just want to understand your rights as a landlord or tenant, you can now turn to a chatbot for help.
PlayerUnknown’s Battlegrounds (PUBG) finally releases on PS4
PUBG on PS4 feels like it’s still in Early Access as the graphics look horribly outdated and the game runs poorly too. 
How AI can fundamentally change the business landscape
“This is an extremely interesting if not pivotal time to discuss how AI is being deployed and leveraged, both in business and at home.”
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Game review: Just Cause 4 on PC
Rico Rodriguez returns to wreak over-the-top havoc for a fourth time. This time the island nation of Solís is our hero’s sandbox, ripe for destruction.