In a recent press release New Zealand based fuel company ‘Z Energy’ confirmed that they had been alerted to a major security flaw by a member of the public. The officials disclosed that Z Energy suffered data breach that occurred through a vulnerability in their Z Card Online System. The breached data may have included details of personal information.
Customers’ Details Hacked As Z Energy Suffered Data Breach
As disclosed by Stuff Circuit, Z Energy suffered data breach exposing an unknown amount of users’ data. Owing to a major security flaw, they revealed customers’ information to potential hackers who would then have had the opportunity to steal the personal details of Z Card customers. Curiously, Z Energy didn’t reveal the incident until Stuff Circuit broke the news today despite the company being alerted to the issue in November 2017.
Reportedly, Z Energy’s online system had a major system vulnerability that then allowed free access to the data. Anyone could access other customers’ details simply by changing the account number in the site URL. This vulnerability could then have been used to hack the Z Card Online System that enables users to manage their fuel accounts however at this time the company has not disclosed any details of misuse of customer accounts.
Z energy officials took down the site on December 15, 2017 but didn’t reveal anything about the security breach. Rather, they simply called it a ‘technical issue’.
The accessible data included customer’s names, addresses, vehicle registration numbers, vehicle types, and Z credit limits. However, it did not supposedly include any bank details.
CEO Apologizes For The Incident
Presently, the country has around 45,000 Z Card customers meaning all of these users were put at risk after Z Energy suffered this data breach.
Initially, the officials denied any security breach when approached about the matter. However, the company’s CEO, Mike Bennetts, later apologized for the incident, saying they were aware of the incident.
“It is certainly a security breach. We apologise for not actually responding to this appropriately, given what we knew at the time, and we assure [customers] that the steps that we took were reasonable as we knew at the time. We took advice from outside parties, experts in this matter, as well as government agencies about how to deal with this matter.”
He also confirmed that since last year December, a new system has replaced the previous ‘legacy system’ that exhibited vulnerabilities.
Since last week, there have been several incidences of data breaches worldwide. The companies indeed need to be more vigilant about their online security to protect themselves from these vulnerabilities.
Let us know your thoughts in the comments section.