A vulnerability in the Outage app of electricity network provider Vector may have exposed the personal information of more than 35,000 customers in New Zealand.
Following the severe storm which battered the country earlier this month, the company was “made aware” of an API vulnerability within its application.
As a result, the glitch has allowed users with an understanding of web applications to identify the vulnerability and potentially exploit it to see information about other application users.
The provider first reported that as many as 24,000 users may have had name, phone number and address details accessed, before updating the number to 35,000.
“We will be contacting those customers who may have had their data compromised over the next few days,” a company statement read.
“Please note no financial or banking information was held in the app, and the potential data breach was contained solely to information provided by customers to the app.”
A spokesperson said the security of the Vector website, financial or electricity network systems has not been affected.
“This data breach comes as we are working to significantly improve our customers’ information experience during an outage, which was a clear problem following a recent storm,” the statement added.
“We have taken the immediate step of disabling the Vector Outage app and withdrawn all customer records which were breached.”
Vector said the app will remain disabled until “we have total confidence” customer data remains secure while using it.
“The app has proven to be a popular and extremely effective way of providing customers with individualised information about outages affecting them,” the statement continued.
“It will now be completely rebuilt to manage the dual issues of demand during large outages as well as ensuring even higher levels of data security.
“We ask our customers to be extra vigilant if they receive any unsolicited communication from anyone purporting to be from Vector. “
While the app is being rebuilt, any customers who need to report an outage should call 0508 VECTOR.