The information was revealed due to a glitch in the app.

A glitch in electricity network provider Vector's Outage app has inadvertently revealed the names, email addresses, physical location and phone number of its customers.

The app is designed to give customers information about power outages. It was used by many customers when a storm knocked out power to thousands of Auckland households earlier this month.

The app downloads the name, email, GPS co-ordinates and other personal data related to every unresolved outage reported via the app.

But that information can also be accessed by anyone else who has downloaded the app, by using an http proxy server and without the need to evade security measures.

READ MORE:

* Power finally returned to Auckland families following outage

* Why did the storm cause so much electricity havoc?

* Vector not willing to pay out after over charging customers

The anonymous tipster who reported the problem to Stuff was able to access 33,000 listings of Vector customers' details. Some of those reports contained the same customers' information multiple times.

Vector is the country's biggest distributor of electricity and gas, owning and operating networks across Auckland.

"Vector are publicly broadcasting the personal details and location of individual consumers when they are at their most vulnerable - alerting villains, very specifically, that citizens are without power, security alarms and lighting. Vector, through its negligence and mediocrity has provided the criminally inclined with a smorgasbord of opportunity," the source said.

"Our agenda is simply to shine the light on this lack of basic competence at one of the country's most important infrastructure networks, to protect fellow citizens by exposing this abuse of consumer privacy and to ensure accountability by the perpetrators."

The problem had also been reported to Apple.

Nikhil Ravishankar, Vector chief digital officer, said it had been made aware of the problem.

"I should note that no customers' financial or banking information was held in the app, and the data breach has not compromised the security of our website, financial or electricity network systems.

SUPPLIED Michael Stiassny, Vector chairman, has positioned the firm as a technology-focused company.

"We are deeply sorry for this data breach, which comes as we are working to significantly improve our customers' information experience during an outage, which was a clear problem following the April 10 storm.

"While we believe we have identified the app vulnerability and taken steps to prevent future app users' data being accessible, and work has already commenced to overhaul the Vector Outage App, I have taken the immediate step of disabling the Vector Outage App until we can have total confidence our customers' data remains secure while using it," Ravishankar said.

One of the customers whose data has been breached is television presenter Jude Dobson, whose email address, phone number and GPS co-ordinates are available.

"I don't like that thought at all," she said.

Dobson said the app had not been useful. "I kept looking and finding the house was fixed, then it wasn't, then [the outage] was registered, then it wasn't."

SIMON MAUDE/STUFF Lineman trying to restore power following the storm which swept across the top of the North Island.

Lech Janczewski, an associate professor in information security at the University of Auckland, was not surprised by the breach.

He said developers were often focused on making attractive apps that worked and did not consider how the personal data involved was collected and treated.

Ravishankar said the app had proven to be a popular and extremely effective way of providing customers with individualised information about outages affecting them. It had struggled with the demand during the most recent storm.

"It will now be completely rebuilt to manage the dual issues of demand during large outages as well as ensuring data security. In the meantime, while the app is being rebuilt, any customers who need to report an outage should call 0508 VECTOR.

"Vector is notifying the Privacy Commissioner of the data breach, and is taking steps to determine which customers have been affected. At this stage, we do not know the identifies of those customers who have had their data breached, as this has not been shared with us."

Electricity Authority chief executive Carl Hansen said the breach would be covered by the Privacy Act.

"Electricity providers are covered by this legislation. The Authority would expect any electricity participant to comply with privacy legislation," he said.

"The Electricity Authority has no regulatory oversight of customer information held by, or directly released by, a distributor."

Privacy Commissioner John Edwards said his office was aware of the problem.

"I can confirm that Vector have contacted my office and are taking steps according our guidelines for responding to data breaches. We will continue to monitor the situation as we receive more information about the circumstances and scale of the breach."

VECTOR The power outages displayed on Vector's website following the storm earlier this month.