Menu
Kiwi customer data exposed as Z Energy admits breach

Kiwi customer data exposed as Z Energy admits breach

Database held customer data such as names, addresses, registration numbers, vehicle types and credit limits

New Zealand-based fuel supplier Z Energy has been presented with evidence that customer data from its Z Card Online database was accessed by a third party in November 2017.

The database held customer data such as names, addresses, registration numbers, vehicle types and credit limits with the company.

“Z takes its data privacy responsibility and threats to cyber security very seriously and is taking steps to ensure that the company learns from this incident,” a company statement read.

“With the evidence provided to Z to date, the company believes the data accessed does not include bank details, or other information that would put customer finances directly at risk.

“That is because these sort of customer details were not held within the system that was accessed for security reasons.”

At this stage, Z Energy did not specify the extent to which its customer data had been compromised.

The company said it had notified affected customers and advised the Privacy Commissioner of the breach, with the system in question closed since December 2017.

“After being informed of the privacy breach Z has immediately acted to let affected customers know that their data may have been accessed,” the statement added.

“Z is committed to assisting customers in any way possible in relation to this incident.”

The Z Card allows customers to manage fuel accounts online, and is used primarily by companies with vehicle fleets.

The business said it had been made aware of a potential vulnerability in the system in November, but had not found evidence of any data breaches at that time.

“Z has engaged an external provider to commence penetration testing across all of Z’s customer facing systems to immediately assess for any vulnerabilities,” the statement said.

“Z also operates Caltex Star Card. The Star Card online system has very similar characteristics to that of the former ZCOL system.

“As a precaution, Z is taking this system down with immediate effect, until the company can be confident it does not exhibit the same vulnerabilities.”

Z Energy operates in both New Zealand and Australia. New laws in Australia requiring companies to report data breaches took effect in late-February this year.

(Reporting by Ambar Warrick in Bengaluru and James Henderson)


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Z Energy

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments