(Reuters) – New Zealand-based fuel supplier Z Energy Ltd on Wednesday said it has been presented with evidence that customer data from its Z Card Online database was accessed by a third party in November 2017.
The database held customer data such as names, addresses, registration numbers, vehicle types and credit limits with the company, Z Energy said in a statement. The data accessed did not include bank details, pin numbers or information that would put customer finances directly at risk, it said.
Z Energy did not specify the extent to which its customer data had been compromised.
The company said it had notified affected customers and advised the Privacy Commissioner of the breach. It said the system in question had been closed since December 2017.
The Z Card allows customers to manage fuel accounts online, and is used primarily by companies with vehicle fleets.
Z Energy said it had been made aware of a potential vulnerability in the system in November, but had not found evidence of any data breaches at that time.
Z Energy operates in both New Zealand and Australia. New laws in Australia requiring companies to report data breaches took effect in late-February this year.
Reporting by Ambar Warrick in Bengaluru