New Zealand Data Breach, May 13 2022

Vulnerability in @WeLoveNZ database causes data breach at New Zealand’s AA Traveller

Names, email address, passwords and phone numbers compromised

Source: Data breach at @WeLoveNZ | Troy Hunt
Source: AA Traveller apologises after massive data breach | RNZ

New Zealand travel company has report suffering a privacy breach due to vulnerabilities on it’s @WeLoveNZ website.

Hackers have taken names, addresses, contact details and expired credit card numbers from the AA Traveller website used between 2003 and 2018.

AA travel and tourism general manager Greg Leighton said the data was taken in August last year and AA Traveller found out in March.

He said a lot of the data was not needed anymore, so it should have been deleted, and the breach “could have been prevented”.

Security investigator Troy Hunt posted a tweet showing a letter from AA Traveller to users confirming the incident and providing advice to members.

“Data breach at @WeLoveNZ. This is pretty well-written; I like the sincerity and owning of the incident, would have liked to see a timeline though as “recently” is very open to interpretation.”

– Troy Hunt