A telecommunications company has been accused of using leaked identity credentials to poach Telecom New Zealand customers in a breach that mirrors a similar theft which hit Vodafone Australia weeks earlier.
New Zealand's Herald on Sunday reported that a Telecom NZ dealer had leaked log-in information to telco rival Slingshot.
The rival's telemarketer, Power Marketing Limited, allegedly then gained access to Telecom NZ's Wireline customer database using the details.
Wireline reportedly contained some 2.15 million names, each including details on customers' plans. Credit card numbers and calling histories are not listed.
While Vodafone was breached because either staff or dealers had sold off shared database credentials, the alleged Telecom NZ leak was tied to a unique identity used by one of the telco's dealers. Telecom NZ has deactivated a dealer account implicated with the leak.
Telecom NZ retail chief Alan Gourdie said inappropriate access to Wireline is "unethical".
"Leaving aside the serious legal elements involved, Telecom [NZ] regards any improper access to, and misuse of, customer personal information as both unethical and disappointing," Gourdie said in a statement.
"If it is confirmed that an organisation or person has been fraudulently using log-in details to access unauthorised customer information, we will take all appropriate steps to pursue this matter."
Meanwhile, the country's competition watchdog is investigating Slingshot, according to the company.
Slingshot parent CallPlus' director has warned its subsidiary that it will face "severe ramifications" if it is found that Power Marketing Limited had accessed Wireline, according to the Herald.