Aquila Technology suffers data breach of customer PIIs

Aquila Technology, a small New Zealand technology supplier and online retailer, has been hit with a cyber attack that caused a data breach which may have compromised both past and present customers PIIs, including credit card information. 

The online-based, private family-run company sells a deluge of technology products to businesses and individuals alike, including PCs, mobile phones, business communications equipment, consumables, software and other products from industry popular vendors. Since 2002, they have processed over 30,000 orders on their online site and currently have 12,000 registered customers. 

In an email sent to customers, shared on Geekzone, the company stated “We value your business and respect the privacy of your information” and were writing to inform them “about a data security incident that may involve your personal information”. The company said they had only recently become “aware of a security breach to our website and have been working with a cyber security expert to determine the cause and extent”. 

The company goes on to state that “the data accessed may have included personal information such as personal or credit card information” and were “working closely with our bank and credit card issuers and have notified the Privacy Commissioner to ensure the incident is properly addressed”. 

Aquila Technology also said to its customers it values their “privacy and deeply regrets that this incident has occurred. We have already taken steps to implement additional security measures designed to prevent a recurrence of such an attack, and to protect the privacy of our valued customers”. 

Aquila Technology confirmed to Techday that they were “in the process of advising all past & present customers with the information that was posted to Geekzone”. 

What does this mean for affected customers? 

In regards to this data breach, Aquila Technologies recommended that customers:  

• Reset their password using the Forgot Password feature on their website as a precaution.  
• If the customer has used the same password for other websites that they did for their Aquilatech account, they were advised to change it there too in order to prevent threat actors from being able to gain access. 
• And also they additionally recommended their customers, if “not already in the habit”, keep data safer online by taking up a password manager as a further safeguard. 

The company said “For further information or assistance please contact us during regular business hours or simply reply with your query, and we will respond to you asap”. 

If a customer has suffered a breach of credit card breach, their “bank will be in touch” directly. 

The trend of attacking small businesses 

In the digital age, cybercrime is one of the fastest growing criminal enterprises. 43 percent of data breaches involve small-to-medium businesses and at least 61 percent of small-to-medium businesses experienced at least one cyber attack last year. These factors, paired with how online retailers are top targets for hackers due to storing a treasure trove of high-value assets like customer PIIs, show it’s not really surprising that a business like Aquila Technology has become the latest victim of cybercrime. 

When small-to-medium businesses were asked about the effectiveness of their cybersecurity posture in 2018, only 11 percent described their cybersecurity posture as ‘very effective’. Top reasons cited by small-to-medium companies for lacking security were: 

• Insufficient IT budget, which scored 55 percent. 
• Insufficient personnel, rating 74 percent. 
• No understanding on how to protect against cyber attacks, which was 47 percent. 
• And lack of in-house expertise, rating 37 percent. 

These days, threat actors seem all too aware about how vulnerable and lacking in resources small businesses are in comparison to the robust, cybersecurity fortresses that big companies are continuously trying to build and maintain around themselves, making them an easy target to score assets.  

As the majority of small businesses are not prepared for the devastation a cyber attack leaves in its wake, 60 percent close within the first six months of being hacked. Taking this into account, the fact that 91 percent of small businesses haven’t even bought cyber liability insurance shows a general lack of foresight and awareness about all-too-common threats in cyberspace.  

With this latest data breach of customer PIIs, it shows again how small businesses don’t fly under the radar for threat actors, always having some asset of value hackers want, and how it’s incredibly critical that all companies are prioritising and adopting strategies that fall in line with cybersecurity best practices and don’t fall behind in combating ever-evolving cyber threats.