Exploit: Accidental data sharing
Earthquake Commission: Crown Entity 

Risk to Small Business: 1.616 = Severe

The Earthquake Commission has come under public scrutiny after the organization accidentally shared peoples’ personal information with a company lawyer and their client. The organization was quick to blame an employee who failed to implement data security stopgaps intended to prevent such an error. The breach has been a PR disaster for the company, which has been slow to notify victims and repair the damage. As a result, the Earthquake Commission is experiencing media scrutiny and intense customer blowback as those angered by the incident speak publicly about their frustration with the company. 

Individual Risk: 2.101 = Severe

The breach exposed customers personal data, including names, addresses, and payment details. Victims should carefully monitor their accounts for potential misuse, while continuing to press the company to take necessary steps to secure this information. 

Customers Impacted: 8,000

How it Could Affect Your Customers’ Business: Data breaches are expensive, but the less-quantifiable reputation damage that always accompanies a breach can be equally problematic. As this incident demonstrates, today’s consumers have little patience for cybersecurity lapses, and they are not assuaged by apologies. Therefore, businesses wanting to thrive in today’s digital environment need to be proactive about data security, considering it a critical customer demand in 2020 and beyond. 

Source:
https://www.rnz.co.nz/news/national/418375/eqc-apologises-again-for-delay-in-contacting-homeowners-over-data-leak