[ad_1]
SUPPLIED
Vodafone NZ said that only people’s names and addresses were forwarded to other customers.
Approximately 500 Vodafone customers have received invoices by email with the names and addresses of other customers, the company has acknowledged.
Spokesperson Nicky Preston said the misinformation was submitted last week before Vodafone NZ stopped executing the invoice when the issue was identified.
Preston said that while no data breaches were excellent, only the names and addresses had been incorrectly disclosed to other customers.
“Everything was correct except the name and address. There were no credit card details or anything like that. “
READ MORE:
* Object to ‘Vodafone Aotearoa’? Better not change us, says 2degrees
* Vodafone information flaw ‘serious privacy breach’
* Thousands of private ‘vulnerable’ customer data shared by the Vector app
Vodafone was contacting people whose details were disclosed to advise them and apologize, it said.
“There are some people who are more concerned than others.”
The cause was being investigated, he said.
Trevor Andrews, a freelancer from Christchurch, was one of the clients who received an invoice with the name and address of another client.
“I don’t know if I’m overreacting or not, but they have breached security,” he said.
“I know who he is and where he lives and I could knock on his door.”
He was surprised that the company’s advice was to simply delete the email, and he was concerned that his data might have been given to someone else.
Beginning in December, it will be mandatory for organizations to notify the Privacy Commissioner’s Office if they experience a privacy breach that may cause serious harm.
The office has developed an online tool designed to help organizations determine if data breaches cross that threshold.
The default advice the tool appears to provide if an organization is unsure of the consequences of a breach appears to be that they should report it, even if it is not obviously sensitive information.
