Yahoo e-mail hack supports need for New Zealand law change: Privacy Commissioner
Xinhua, September 26, 2016 Adjust font size:
New Zealand authorities are monitoring the Yahoo hack that comprised up to 500 million user accounts with a view to changing the country's privacy laws, the Privacy Commissioner said Monday.
The hack affected a small portion of the 825,000 e-mail accounts that New Zealand telecom giant Spark provided to users through its partnership with Yahoo, Privacy Commissioner John Edwards said in a statement.
The hack exemplified the international nature of privacy, with the U.S. Federal Trade Commission and Irish Data Protection Commissioner already working together to make enquiries into the incident, he said.
It was not yet clear when Yahoo learned about the hack, which happened in 2014 and included names, e-mail addresses and security questions and answers used to reset passwords.
"When agencies lose customer data, they need to help those customers take steps to protect themselves by alerting them as quickly as possible," said Edwards.
"This is particularly true with a breach of this size and with such sensitive information."
Proposed reforms to the country's Privacy Act, including mandatory breach notification, were due to be tabled in the New Zealand Parliament in 2017.
"The fact that Yahoo may have known about the breach for a number of months before alerting the public shows why we need mandatory breach notification," said Edwards.
"Every day counts in a data breach and agencies need greater incentive to take a leaf out of Spark's book by promptly telling customers that their personal information has been compromised."
Spark said Monday that it was notified of the hack on Friday and staff have been analysing the data provided by Yahoo to identify the Spark customers who might be affected.
The number of e-mail addresses potentially at risk was 130,000, which was around 15 percent of its e-mail address base, said a statement from the company. Endit