Dear Customer,

We have been made aware that a third party has unlawfully accessed the personal information of a number of Vector customers.

This breach will have affected some of the customers who used the Vector Outage App to report an outage. We wanted to inform you that, as you have provided information via the Outage App, your data may potentially be included. We understand this may be upsetting for you and we are sorry for this. We are continuing to investigate the matter, and if and when we can confirm if your data has been compromised we will contact you to let you know.

What happened

The information that was compromised was isolated to what is recorded within the Vector Outage App through the 'report an outage' function, and could include your name, phone number, email address and postal address, depending on the extent of information you provided via the Outage App. At this stage we are confident that the source of the breach is contained. The data breach is not linked in any way to other customer information we hold. No financial information was held in the Outage App, and the data breach has not compromised the security of Vector's website, financial or electricity network systems.

Steps we've taken to manage this

As soon as we became aware, we took immediate steps to rectify the issue and to ensure no further breaches occurred including:

Immediately disabling the Vector Outage App.

Identifying and resolving the specific vulnerability within the app that allowed the data to be accessed.

Working with the Office of the Privacy Commissioner.

Engaging IDCARE, New Zealand's national identity and cyber support specialists, to provide an assessment of the breach and to be available to provide support and assistance to affected customers as necessary.

Commencing additional work to address data security issues as part of the Vector Outage App rebuilding process. The Vector Outage App was already being redeveloped in response to its performance during the recent storm events. Note the Outage App will not be available until we are assured the vulnerabilities have been fully assessed and contained and upgrades are in place.

Further steps you might consider to protect yourself

In light of this data breach, we recommend that you:

As a precaution and as good online practice, consider strengthening security for online accounts where you've used this email address for account identification.

Be aware that if your data has been breached, your email address may potentially be the subject of heightened spam activity and phishing emails, and in all cases we recommend you take care when opening emails and clicking on links.

Note that Vector will never request passwords or financial information from you over email.

More information

We want to ensure that you feel supported and you can get the information you need to protect yourself:

For more information on protecting yourself and your data as a result of this incident, visit www.idcare.org.

For more information on how to recognise potential online scams, visit www.netsafe.org.nz.

For further information regarding the data breach, visit www.vector.co.nz, or email us at datasecurity@vector.co.nz or call 0508 VECTOR (0508 832 867).

In the event of a power outage whilst improvements are being made to the Vector Outage App, please call 0508 VECTOR (0508 832 867).

Privacy forms an important part of our culture at Vector and we take the security of customer information very seriously. We will keep our customers informed as we work our way through this breach.

Regards,

Brendan Kevany

Privacy Officer