Scoop has an Ethical Paywall
Work smarter with a Pro licence Learn More

Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

InternetNZ weighs in on Z Energy data breach

28 June 2018

InternetNZ believes the Z Energy data breach provides a useful lesson for them, and other organisations.

Ben Creet, Policy Manager at InternetNZ and author of New Zealand’s guidelines of security vulnerability disclosure says, “Once the media get involved in a security breach like Z Energy have had, there has been a failure of processes to disclose and fix a vulnerability.”

Firstly, this is a data breach. That’s why it’s important that the Privacy Bill and it’s mandatory data breach reporting regime is enacted. New Zealand needs to collectively lift it’s game when data breaches happen. The default position should be to tell your customers when a breach occurs.

If people are finding vulnerabilities and data breaches in New Zealand organisations websites and services you should report to CERTNZ, they are the experts and have the mana to get organisations attention. You can report a vulnerability to CERT here: https://www.cert.govt.nz/it-specialists/guides/reporting-a-vulnerability/

Additionally, we think that more New Zealand organisations should have their own vulnerability disclosure policies. The New Zealand Internet Task Force released guidelines about how to report, and receive information about security problems in 2013: http://www.nzitf.net.nz/pdf/NZITF_Disclosure_Guidelines_2014.pdf

Advertisement - scroll to continue reading

Are you getting our free newsletter?

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.

We run a disclosure policy for the .nz registry (here) and organisations like SkyTV, Vend and even the Office of the Privacy Commissioner have their own policies to encourage reporting directly to their security experts.

InternetNZ will be reaching out to Z Energy on how they can implement a disclosure framework so that vulnerabilities are identified and fixed in a safe, collaborative timely manner.


ends

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
GenPro: General Practices Begin Issuing Clause 14 Notices

GenPro has been copied into a rising number of Clause 14 notices issued since the NZNO lodged its Primary Practice Pay Equity Claim against General Practice employers in December 2023.More

SPADA: Screen Industry Unites For Streaming Platform Regulation & Intellectual Property Protections

In an unprecedented international collaboration, representatives of screen producing organisations from around the world have released a joint statement.More

 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.