Fuel company Z admits security breached
Fuel company Z has admitted a major security fault that potentially allowed access to an as-yet unknown number of business accounts and personal details.
Z was unaware of the full extent of the breach until told this week as part of an investigation by Stuff Circuit.
Chief executive Mike Bennetts immediately apologised and invited customers, who think they may have been affected to contact the company.
A replacement system that does not have the flaw is now up and running.
The problem hit the company’s Z Card online system, which allows people to manage fuel accounts, mostly for business fleets. There are about 45,000 Z fuel cards in the country.
Z was alerted to the ‘‘critical flaw’’ by a member of the public on November 29 last year.
Bennetts told Stuff Circuit the com- pany set up a ‘‘war room’’ to investigate.
‘‘Our expert said there is a possibility it could be vulnerable so we put in place an additional fix. We upgraded the software and we released that to the market on December 6, giving ourselves and ultimately our customers confidence that whatever vulnerability there may have been had actually been closed off.’’
However a source has told Stuff Circuit that upgrade was a ‘‘half-baked fix’’ because access was still possible.