News

Hackers steal sensitive information from 20,000 new brighton hot pool customers

Chris Lynch
Chris Lynch
Sep 07, 2022 |
Christchurch

Computer hackers have stolen sensitive information from 20,000 New Brighton Hot Pool customers.

Proof of address information stored in the He Puna Taimoana cloud server of He Puna Taimoana customers was illegally accessed and downloaded by a third party.

Council’s head of recreation and sport Nigel Cox emailed thousands of customers today.

“As a customer of He Puna Taimoana, your information may have been accessed in connection with the breach.

The security of your information is Christchurch City Council’s upmost priority and we appreciate the need to provide information regarding the breach to you as quickly as possible.

On 24 August, the Christchurch City Council was notified of the breach by a third party who had been contacted by an individual claiming to have accessed and downloaded certain files stored on the He Puna Taimoana cloud server.   

“At this stage, we have reason to believe that the third party who accessed and illegally downloaded files stored on the He Puna Taimoana cloud server is a “white hat hacker”, being an individual who exploits computer systems or networks to identify vulnerabilities in order to encourage improvement or enhancement to the security of those systems or networks.  

The Council said the information accessed and downloaded from the He Puna Taimoana cloud server consists of scanned copies of proof of residency information used by He Puna Taimoana to verify address information for the purpose of offering resident discounts.

The accessed proof of residency information comprises a range of scanned materials such as copies of drivers’ licences, rates invoices, tenancy agreements, utility bills, other Council membership cards and in limited instances passport copies. This information contains personal information, predominately names and addresses of He Puna Taimoana customers and potentially other sensitive categories of personal information including passport and drivers’ licence details. 

Approximately 20,000 files have been illegally downloaded by the third-party actor from the He Puna Taimoana cloud server. At this stage, we have no reason to believe the information has been further disclosed by the third-party actor other than to the third party who has informed us of the breach.

“Our immediate priority has been to secure the underlying vulnerability in our systems which facilitated the breach.”

On becoming aware of the breach, the council said it immediately engaged a third-party vendor who administers the He Puna Taimoana cloud server.

The vendor was able to install a security update and has confirmed that the vulnerability which was exploited has now been resolved.

“We are continuing to engage with our vendor together with internal stakeholders to further investigate underlying cause of the breach and identify improvements to our system security and processes, including our information collection practices.”

“We are working closely with the Office of the Privacy Commissioner (OPC) as part of our response. The OPC was also made aware of the breach on 24 August. We formally notified the Privacy Commissioner of the breach on Friday 26 August 2022 and continue to work with them in respect of our investigations into the breach and our broader response. We are conscious of our obligations under the Privacy Act 2020 and the impact such a breach may have on customers of He Puna Taimoana”

Chris Lynch
Chris Lynch

Chris Lynch is a journalist, videographer and content producer, broadcasting from his independent news and production company in Christchurch, New Zealand. If you have a news tip or are interested in video content, email [email protected]

More from Crime

Christchurch gang member arrested under new Gang Act laws
Christchurch gang member arrested under new Gang Act laws
Nov 26, 2024 |
Crime
Police ready to enforce tough new gang laws from midnight
Police ready to enforce tough new gang laws from midnight
Nov 20, 2024 |
Crime
Police seek witnesses following serious unprovoked assault in Christchurch
Police seek witnesses following serious unprovoked assault in Christchurch
Nov 19, 2024 |
Crime
Man gets jail sentence replaced with home detention after killing stranger in Linwood park
Man gets jail sentence replaced with home detention after killing stranger in Linwood park
Nov 13, 2024 |
Crime
Parents in Cashmere urged to review child safety after attempted abduction incident
Parents in Cashmere urged to review child safety after attempted abduction incident
Nov 13, 2024 |
Crime
▶️ Christchurch worker confronts offenders, smashing stolen cars with baseball bat after liquor store ram raid
▶️ Christchurch worker confronts offenders, smashing stolen cars with baseball bat after liquor store ram raid
Nov 11, 2024 |
Crime
30 linked to gangs arrested in police operation across Canterbury
30 linked to gangs arrested in police operation across Canterbury
Nov 10, 2024 |
Crime
Armed police raid Wainoni house
Armed police raid Wainoni house
Nov 06, 2024 |
Crime
Police urge victims of Christchurch sextortion scheme to come forward
Police urge victims of Christchurch sextortion scheme to come forward
Nov 05, 2024 |
Crime
Christchurch gang member arrested under new Gang Act laws
Christchurch gang member arrested under new Gang Act laws
Nov 26, 2024 |
Crime
Police ready to enforce tough new gang laws from midnight
Police ready to enforce tough new gang laws from midnight
Nov 20, 2024 |
Crime
Police seek witnesses following serious unprovoked assault in Christchurch
Police seek witnesses following serious unprovoked assault in Christchurch
Nov 19, 2024 |
Crime

Have you got a news tip? Get in touch here

got a news tip?