animates.co.nz data breach 29 June 2019 – 13 September 2019

This notification explains what happened, how it may impact you and it sets out steps you can take in response.

What happened?

An unidentified third party recently gained unauthorised access to our website between June 29 and September 13. The third party may have accessed your personal information and payment details entered on our website. We have no direct information of specific information breaches, but we think it’s important to share this information with you.

As soon as we became aware of this incident, we immediately shut down the Animates website and launched a full investigation, which is still ongoing. We are working with external IT security consultants to assist with this investigation. We have also notified relevant privacy and legal authorities. The website remains offline during this time.

We unreservedly apologise this incident has occurred. At Animates, we have always prided ourselves on providing great experiences for our customers.

What personal information was involved?

Through our investigation to date credit / debit card data has been targeted through the breach. Any personal information shared with us may have also been impacted by the incident. This could include your address, phone number, email address, username or password.

To those customers who made purchases on-line using Layby or PayPal, your payment information has not been affected. We can confirm, no purchases made in physical stores have been affected.

What steps do you need to take?

Monitor credit card/debit activity closely: For customers that used a credit or debit card to make a purchase during the impacted period, you should monitor your credit/debit card statements closely and report any unusual activity to your bank. If the credit/debit card you used on our website does not belong to you, please take steps to bring this email to the cardholder's attention so that they can take steps to prevent potential misuse.

For customers that used a credit or debit card to make a purchase during the impacted period, you should monitor your credit/debit card statements closely and report any unusual activity to your bank. Change similar passwords across other sites. If you use the same password that you used to access Animates across other websites (such as email, social media, online banking etc); we would encourage you to reset these passwords as a precaution.

If you use the same password that you used to access Animates across other websites (such as email, social media, online banking etc); we would encourage you to reset these passwords as a precaution. Keep a look out for email, telephone and text-based scams.

Please refer to the following Netsafe advice about password and online shopping security:

What other steps is Animates taking?

We take the protection of our customers' data very seriously and we are launching a new website that has passed security audits from third party security specialists. This website is due to go live in the coming days.

We will be emailing our customers soon to notify them the new website is live and to create a new password for their account.

Who can you contact for more information?

If you have any concerns about your credit card / debit card, contact your bank immediately.

If you have any further questions or concerns, please email us at privacyofficer@animates.co.nz or visit www.animates.co.nz/data-breach for more information.

For more information visit the Privacy Commission www.privacy.org.nz/

Kind regards,

Rod Gibson

Chief Executive Officer

Animates NZ Ltd.