Incident NZ: New Zealand’s AA Traveler “@WeLoveNZ” data breach
New Zealand Data Breach, May 13 2022
Vulnerability in @WeLoveNZ database causes data breach at New Zealand’s AA Traveller
Names, email address, passwords and phone numbers compromised
New Zealand travel company has report suffering a privacy breach due to vulnerabilities on it’s @WeLoveNZ website.
Hackers have taken names, addresses, contact details and expired credit card numbers from the AA Traveller website used between 2003 and 2018.
AA travel and tourism general manager Greg Leighton said the data was taken in August last year and AA Traveller found out in March.
He said a lot of the data was not needed anymore, so it should have been deleted, and the breach “could have been prevented”.
Security investigator Troy Hunt posted a tweet showing a letter from AA Traveller to users confirming the incident and providing advice to members.
“Data breach at @WeLoveNZ. This is pretty well-written; I like the sincerity and owning of the incident, would have liked to see a timeline though as “recently” is very open to interpretation.”
– Troy Hunt