Z Energy says its customer database for the Z card online was breached due to a security flaw and has advised affected customers and the Privacy Commissioner of the failing.
The online system lets people manage fuel accounts, mainly business fleets.
Wellington-based Z released a statement saying it was presented with evidence today that the database was accessed by a third party in November last year and "has immediately acted to let affected customers know what data may have been accessed and has also advised the Privacy Commissioner of the breach".
The transport fuels company was aware of the vulnerability last November and took steps to deal with the flaw, closing the system on December 15 last year, it said.
The database included information such as a customer's name, address, registration number, vehicle type and credit limits with Z, but no "bank details, pin numbers or information that would put customer finances directly at risk".
