Select Page

NZ Incident: New Zealand’s AA Traveler “@WeLoveNZ” data breach

Posted by | May 13, 2022 | , , , , , | 0 |

NZ Incident: New Zealand’s AA Traveler “@WeLoveNZ” data breach

New Zealand Data Breach, May 13 2022

Vulnerability in @WeLoveNZ database causes data breach at New Zealand’s AA Traveller

Names, email address, passwords and phone numbers compromised

Source: Data breach at @WeLoveNZ | Troy Hunt
Source: AA Traveller apologises after massive data breach | RNZ

New Zealand travel company has report suffering a privacy breach due to vulnerabilities on it’s @WeLoveNZ website.

Hackers have taken names, addresses, contact details and expired credit card numbers from the AA Traveller website used between 2003 and 2018.

AA travel and tourism general manager Greg Leighton said the data was taken in August last year and AA Traveller found out in March.

He said a lot of the data was not needed anymore, so it should have been deleted, and the breach “could have been prevented”.

Security investigator Troy Hunt posted a tweet showing a letter from AA Traveller to users confirming the incident and providing advice to members.

“Data breach at @WeLoveNZ. This is pretty well-written; I like the sincerity and owning of the incident, would have liked to see a timeline though as “recently” is very open to interpretation.”

– Troy Hunt

AA Traveler statement

 

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Incident: City of Ballarat privacy nightmare: resident details posted online | The Courier

Incident: City of Ballarat privacy nightmare: resident details posted online | The Courier

February 21, 2018

Incident: INC Ransom claims hack on closed Queensland law firm | Cyberdaily.au

Incident: INC Ransom claims hack on closed Queensland law firm | Cyberdaily.au

December 8, 2024

Audit: ANAO finds Services Australia lacking in cyber and cost aspects of WPIT | ZDNet

Audit: ANAO finds Services Australia lacking in cyber and cost aspects of WPIT | ZDNet

September 25, 2020

Health open data bungle meant Aussies could be identified | iTnews

Health open data bungle meant Aussies could be identified | iTnews

December 21, 2017

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Exclusive: INC Ransom claims cyber attack on Australian engineering service company
Exclusive: INC Ransom claims cyber attack on Australian engineering service company

Threat actors have claimed a cyber attack on an Australian engineering solutions company and are threatening to publish data they allegedly … [...]

Exclusive: Major cleaning and facility services firm confirms third-party cyber incident
Exclusive: Major cleaning and facility services firm confirms third-party cyber incident

Major private cleaning and facility services firm Menzies Group has confirmed a cyber incident that occurred after a third-party IT provider was … [...]

Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims
Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims

A Sydney-based vocational college has found no evidence of compromised student data after being listed on the leak site of a prolific hacking group. • … [...]

Victorian bulk porting scammer gets over two years in prison
Victorian bulk porting scammer gets over two years in prison

A 35-year-old man from Lynbrook, south-east Melbourne, has received a prison sentence of two years and two months, with a 12-month non-parole period, … [...]

NSW cyber cops bust alleged bullion-buying BEC bandits
NSW cyber cops bust alleged bullion-buying BEC bandits

NSW Police have charged three people over an alleged $600,000 business email compromise (BEC) scam operation, after detectives caught a young woman … [...]

Miners’ data targeted as hackers hold software provider to ransom
Miners’ data targeted as hackers hold software provider to ransom

Dozens of Australian mining companies are scrambling to access their key technology systems after a major software supplier to the sector was … [...]

Instructure dealing with Canvas cyberhackers a dangerous tactic, say experts
Instructure dealing with Canvas cyberhackers a dangerous tactic, say experts

The company that runs Canvas has painted a target on its back for future extortion attempts by making a deal with hackers, according to cybersecurity … [...]

Exclusive: Hospitality IT provider allegedly breached by Qilin
Exclusive: Hospitality IT provider allegedly breached by Qilin

Threat actors have claimed a cyber attack on an Australian hospitality and gaming industry supplier, having listed the firm on the dark web. • Fri, 15 … [...]

ACCC welcomes another year of funding for the National Anti-Scam Centre
ACCC welcomes another year of funding for the National Anti-Scam Centre

The Australian consumer watchdog is pleased with the overall funding boost of $67.7 million over four years in the 2026–27 budget. • Thu, 14 May 2026 … [...]

Report: Business email compromise attacks surged dangerously in April
Report: Business email compromise attacks surged dangerously in April

BEC attacks rose 151 per cent month on month in April, with advanced fee and gift card fraud key drivers. • Thu, 14 May 2026 • Security *]:clear-none … [...]

Scope Systems confirms cyber incident, says no data loss occurred
Scope Systems confirms cyber incident, says no data loss occurred

Western Australia-based software deployment specialist and reseller Scope Systems has disclosed a cyber incident but said no data loss occurred. • … [...]

Instructure breach: ShinyHunters says ‘matter has been resolved’
Instructure breach: ShinyHunters says ‘matter has been resolved’

The hackers behind the global Canvas LMS breach have said they are no longer “seeking money” from any victim. • Wed, 13 May 2026 • … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading