Z Energy did not mention the extent to which its database was compromised. However, the compromised system has remained closed since December 2017.
On Wednesday, Z Energy Ltd, a New Zealand-based fuel supplier disclosed it has been presented with evidence that its customer data from its Z Card Online database was accessed by a third party in November 2017.
In its statement, Z Energy stated, the database contained customer names, addresses, registration numbers, vehicle types and their credit limits. The data accessed by the third party did not include bank details, pin numbers or information that would put customer finances directly at risk, said Z Energy.
Incidentally, the company did not mention the extent to which the database had been compromised.
Z Energy did mention however that it had notified the affected customers and had informed the Privacy Commissioner of the breach.
Significantly, the compromised system has remained closed since December 2017.
The company’s Z Card allows customers to manage their fuel accounts online with their primary customers being companies with large fleets of vehicles.
Incidentally, Z Energy stated, it had been made aware of a potential vulnerability in the system in November 2017 but had not found any evidence of data breaches at that time.
Z Energy’s area of operations includes Australia and New Zealand.
In late February 2018, Australia passed new laws that require companies to report data breaches.