As reported by Reseller News, a vulnerability in the Vector Outage app may have exposed the personal information of more than 35,000 customers in New Zealand.
Following the severe storm which battered the country in April, the company was “made aware” of an API vulnerability within its application.
The flaw allowed users with an understanding of web applications to identify it and potentially exploit it to see information about other application users.
The provider first reported that as many as 24,000 users may have had name, phone number and address details accessed, before updating the number to 35,000.
A matter of weeks later, Vector took legal action against news outlet Stuff in New Zealand, applying for a high court injunction following the breach.
The action centred around the recent breach of customer information from the Vector Outage App, and the subsequent publication of a news story by Stuff based on that data.
“Vector has asked Stuff several times to secure, to return or to destroy the confidential Vector customer data now in their possession that was provided to it by the hacker,” a spokesperson for Vector stated. “Stuff Limited has repeatedly refused this request.”
On the morning of 26 April, Vector said it was made aware by Stuff that an unspecified third party had unlawfully accessed the personal information of up to 24,000 Vector customers and provided the data to Stuff.
Stuff published a news story on this on the afternoon of April 26.
“We fully accept Stuff had a valid right to report on the original data breach,” the statement read at the time. “We have made it clear to Stuff that we were not seeking to prevent their reporting on the matter and we have not asked them at any time to disclose their information source.
“However, we do not believe Stuff should have compounded this matter by exploiting the customer data when reporting on it.”
Next up in the firing line was Z Energy, with the New Zealand-based fuel supplier presented with evidence that customer data from its Z Card Online database was accessed by a third party in November 2017.
Revealed in June, the database held customer data such as names, addresses, registration numbers, vehicle types and credit limits with the company.
With local examples mounting, a total of 506 incidents were reported during the first quarter of 2018, according to CERT NZ findings, representing the highest figures since the security body was established.
“With this increase comes more information about the impact on New Zealanders,” said Rob Pope, director of CERT NZ. “Financial losses continue to be high, with almost $3 million in direct financial loss reported.”
According to Pope, 45 per cent of incidents reported showed “some form of loss”, while vulnerability cases increased dramatically with twice as many received compared to the fourth quarter of 2017.
Alongside new ransomware variants - chiefly Rapid and David - CERT NZ findings showed increases across the board in terms of security attacks, spanning phishing and credential harvesting (55 per cent increase), unauthorised access (67 per cent increase), and reported vulnerabilities (133 per cent increase).
“We help Kiwis improve their cyber security using the data we collect and collate,” Pope added. “We make the most difference when we’re working as a fence at the top of the cliff, rather than focusing just on being the best ambulance at the bottom of it.
“We’re doing this by working on new ways to disrupt models of attack and building outreach activities that help people take simple actions to protect themselves online.”
The findings align with earlier reported figures, highlighting that more than one-third of the adult online population in New Zealand was affected by cyber crime in 2017, impacting as many as one million Kiwis.
Representing almost a quarter of the estimated 4.7 million population, according to 2017 census figures, the victims lost more than $177 million combined, spending over nine hours dealing with the aftermath.
According to Norton by Symantec findings, nearly half of all New Zealanders (49 per cent) have been, or know someone who has been, impacted by an online security threat.
Of those who have ever been a victim of cyber crime, 56 per cent have been affected in the past year.