Following this month’s severe storm, Vector has been made aware of a API (Application Program Interface) vulnerability in its Outage App. The API is the bridge between two data sources used in the Outage App.
An unidentified third party exploited an API vulnerability which allowed them to manipulate the application to potentially obtain personal information about other app users who had reported an outage via the app.
After investigation, a number of app users may have had their name, phone number and address details accessed through the vulnerability. We will be contacting those customers who may have had their data compromised over the next few days.
Please note no financial or banking information was held in the app, and the potential data breach was contained solely to information provided by customers to the app. The security of the Vector website, financial or electricity network systems has not been affected.
This data breach comes as we are working to significantly improve our customers’ information experience during an outage, which was a clear problem following a recent storm.
We have taken the immediate step of disabling the Vector Outage app and withdrawn all customer records which were breached.
The app will remain disabled until we have total confidence our customers’ data remains secure while using it.
The app has proven to be a popular and extremely effective way of providing customers with individualised information about outages affecting them. It will now be completely rebuilt to manage the dual issues of demand during large outages as well as ensuring even higher levels of data security. In the meantime, while the app is being rebuilt, any customers who need to report an outage should call 0508 VECTOR.
We ask our customers to be extra vigilant if they receive any unsolicited communication from anyone purporting to be from Vector.
See customer FAQS here.