Attribute:

Your date of birth was exposed as a result of this security incident.

 

Potential Risks:

Individually, this is a low risk identity attribute, however in combination with other attributes (such as your full name, address and phone number) scammers engaging you by telephone or email may appear more legitimate.

 

Recommendations:

Keep being scam vigilant and stay across the latest scams by regularly visiting IDCARE, connecting with IDCARE's Social Media and subscribing to IDCARE's free online newsletter, the 'Cyber Sushi'.

You can also use services such as Scamwatch or haveibeenpwned.com that collate a wealth of scam information and provide alerting services to our community.

There are some good resources available to you through Netsafe NZ and CERT NZ for more information on how to protect yourself online.

Attribute:

A password that was used for booking travel through an historic AA Traveller website has been exposed as a result of this website security incident.

 

Potential Risks:

The exposure of a password on its own may not result in any immediate risks to you. However where this attribute is exposed in combination with an email address - motivated attackers may use this information to gain unauthorised access to your online accounts (Social Media, E-mails etc. )

 

Recommendations:

We are unable to advise customers as to the specific password which has been exposed. Therefore, it is recommended that you initiate password resets on any online accounts with which you may have used the same or similar password. 

While you are there, it is a good idea to enable multifactor authentication on these accounts. This will prevent someone from accessing your online accounts without first obtaining a passcode sent to your mobile phone number or email address.

Additionally, you may wish to use a password manager to help you create long, strong and unique passwords and store these securely.

Attribute:

An email address that you use or have used was included in the data that was exposed through this security incident.

 

Potential Risks:

Scammers may send emails to these addresses that may include malicious attachments, links to fake websites or malware.

The email from the criminal may appear legitimate as they may impersonate a legitimate organisation or individual in order to build trust.

There is also the risk of deception through business email compromise (also known as a false invoice scam). This is where a scammer issues a fraudulent invoice or an "update" to bank details for a business they have compromised. 

Individuals who receive this email and follow through with the payment will end up sending money to the scammers, not the business.

Always contact the business directly on a known number (not the one included in the suspected fraudulent email) if you are advised to update payment details.

 

Recommendations:

Beware of phishing emails, including those asking to update billing details or pay invoices. Don't click links or download applications or documents from suspicious looking email communications. 

You should continue to be safe online by not responding to any emails or social media communications that you consider suspicious. You can check that the sender or caller is who they say they are by checking official company websites. For the AA and AA Traveller you can check this from the Contact Us page on our website.

There are some good resources available to you through CERT NZ and Netsafe NZ for more information on how to protect yourself online.

Attribute:

Your full name was exposed as a result of this website security incident.

 

Potential Risks:

Individually, this is a low risk identity attribute, however in combination with other attributes (such as your date of birth, address or phone number) scammers engaging you by telephone or email may appear to be a legitimate source. They may attempt to increase the believability of their ruse by quoting details about you.

 

Recommendations:

Keep being scam vigilant and stay across the latest scams by regularly visiting IDCARE, connecting with IDCARE's Social Media and subscribing to IDCARE's free online newsletter, the 'Cyber Sushi'.

You can also use services such as Scamwatch or haveibeenpwned.com that collate a wealth of scam information and provide alerting services to our community.

There are some good resources available to you through Netsafe NZ and CERT NZ for more information on how to protect yourself online.

Attribute:

Your residential address was exposed as a result of this website security incident.

 

Potential Risks:

Individually, this is a low risk identity attribute, however in combination with other attributes (such as your date of birth, name and phone number) scammers engaging you may appear more legitimate. They may attempt to increase the believability of their ruse by quoting details about you (such as your address).

 

Recommendations:

Keep being scam vigilant and stay across the latest scams by regularly visiting IDCARE, connecting with IDCARE's Social Media and subscribing to IDCARE's free online newsletter, the 'Cyber Sushi'.

You can also use services such as Scamwatch or haveibeenpwned.com that collate a wealth of scam information and provide alerting services to our community.

If you are concerned for your personal safety as a result of this information being exposed, you may wish to contact the police and raise the issue with them. If you need any assistance with this, please contact our support team at 0800 500 050. 

Attribute:

A phone number you use or have used was included within the data exposed through this website security incident. This could be your mobile or a landline/home phone number

 

Potential Risks:

The exposure of a phone number can leave you open to being targeted by spam or scam phone calls.

These can appear to be from legitimate phone numbers with local area codes.

They often claim to be an authority or organisation, such as the police, a telecommunication company or a government entity.

The scam-caller will frame the call with a sense of urgency.

For instance, they may pose the scenario that you are being "targeted by criminals" or you "will be arrested" if you do not act. This may be through a robo-call or you may be contacted by a person.

Scammers may also send fraudulent SMS messages to the phone number. These may impersonate a legitimate organisation and include a link to a malicious download or scam website.

You should also continue to be safe online by not responding to any emails or social media communications that you consider suspicious or calls from numbers you don’t recognise.  You can check that the sender or caller is who they say they are by checking official company websites. For the AA and AA Traveller you can check this from the Contact Us page on our website.

  

Recommendations:

Do not click links or download applications from suspicious text messages. 

If you'd like to be quizzed on your resilience to scam calls, messages and other online threats, you can take a scam resilience test such as this one from IDCARE.

There are some good resources available to you through CERT NZ and Netsafe NZ for more information on how to protect yourself online.

 

Attribute:

A credit card associated with an enquiry form through the AA Traveller website has been exposed because of this website security incident.

The credit card details were for an expired card. 

Why was there credit card information stored?

The travel bookings that were facilitated on the AA Traveller site involved a range of accommodation and tourism providers and offered the choice of making an enquiry as opposed to a booking. The enquiry form provided the ability to offer additional information. Sometimes customers provided their credit card details as part of this additional information rather than through the formal booking process that utilises a Payment Card Industry certified payment provider. This has resulted in the unintentional storage of Credit Card data.

 

Potential Risks:

The exposure of a credit card number may pose a risk of direct financial misuse - including unauthorised transactions.

 

Recommendations:

Report the compromise of your credit card to the relevant issuing financial institution. You may explore additional protective actions with them directly. 

Attribute:

Your AA Smartfuel Card Number was exposed as a result of this website security incident.

 

Potential Risks:

Individually, this is a low risk identity attribute, however in combination with other attributes (such as your name, date of birth and phone number) scammers engaging you may appear more legitimate. 

In addition, be aware that someone may misuse your AA Smartfuel card number to earn and redeem discounts on fuel or with other AA Smartfuel partners from your account. 

Recommendations:

Follow the advice online to unlink an existing AA Smartfuel Card and add a new, AA Smartfuel card: Link.

Beware of phishing emails, including those asking to update billing details or pay invoices. Use an up-to-date anti-virus application that includes email protection and scanning.

You should continue to be safe online by not responding to any emails or social media communications that you consider suspicious. You can check that the sender or caller is who they say they are by checking official company websites. For the AA and AA Traveller you can check this from the Contact Us page on our website.

There are some good resources available to you through Netsafe NZ and CERT NZ for more information on how to protect yourself online.

Attribute:

Your AA Membership card number was exposed as a result of this website security incident.

 

Potential Risks:

There are no immediate identity risks as a result of this attribute exposure. However scam calls, text messages and emails purporting to originate from the AA or AA Traveller may quote your AA Membership number in an attempt to legitimise their communications with you.

 

Recommendations:

You can request a replacement card by contacting AA Membership, here.

Beware of phishing emails, including those asking to update billing details or pay invoices.
Use an up-to-date anti-virus application that includes email protection and scanning.

You should continue to be safe online by not responding to any emails or social media communications that you consider suspicious. You can check that the sender or caller is who they say they are by checking official company websites. For the AA and AA Traveller you can check this from the Contact Us page on our website.

Emails from the AA, including AA Traveller, will have the address format of xxxx@aa.co.nz  and xxx@aatravellersupport.co.nz

The AA’s outbound calling team may call you if your AA Membership has lapsed. This call will come from 09 9272638.  The outbound calling team will always leave a message, to which you can then call the main AA’s 0800 number (0800 500 444) and a call taker will put you through to the team directly.

If you suspect you have received a fraudulent communication from an individual or group impersonating AA NZ, please email online@aa.co.nz and we will investigate this.

There are some good resources available to you through Netsafe NZ and CERT NZ for more information on how to protect yourself online.

Attribute:

Your AA Membership card number was exposed as a result of this website security incident.

 

Potential Risks:

There are no immediate identity risks as a result of this attribute exposure. However scam calls, text messages and emails purporting to originate from the AA or AA Traveller may quote your AA number in an attempt to legitimise their communications with you.

 

Recommendations:

Please remain vigilant to phishing emails or other scam communications from organisations claiming to be AA Traveller or a financial institution.

Emails from the AA, including AA Traveller, will have the address format of xxxx@aa.co.nz and xxx@aatravellersupport.co.nz

The AA’s outbound calling team may call you if your AA Membership has lapsed. This call will come from 09 9272638.  The outbound calling team will always leave a message, to which you can then call the main AA’s 0800 number (0800 500 444) and a call taker will put you through to the team directly.

If you suspect you have received a fraudulent communication from an individual or group impersonating AA NZ, please email online@aa.co.nz and we will investigate this.

You can also report this to CERT NZ, Netsafe NZ.

Beware of phishing emails, including those asking to update billing details or pay invoices.
Use an up-to-date anti-virus application that includes email protection and scanning.

You should continue to be safe online by not responding to any emails or social media communications that you consider suspicious. You can check that the sender or caller is who they say they are by checking official company websites. For the AA and AA Traveller you can check this from the Contact Us page on our website.

There are some good resources available to you through Netsafe NZ and CERT NZ for more information on how to protect yourself online.