Vector and Stuff to reach out-of-court settlement over data breach

An unknown hacker is alleged to have accessed the information and given it to Stuff. Photo/123RF.

Vector and Stuff will likely cut an out-of-court deal after the electricity and gas company took legal action alleging the media organisation refused to return or destroy information it received following a data breach.

The NZX-listed energy firm had applied to the High Court for an injunction to prevent Stuff further using the leaked data.

• Read more: Vector takes legal action against Stuff over customer information it received after data breach

Stuff editorial director Mark Stevens said it had already been destroyed and Vector's QC Andrew Brown told Justice Simon Moore in the High Court this morning that an undertaking from the media company may now be enough to deal with the situation.

Both companies will see if an agreement is possible and Justice Moore put off the case until Wednesday to see if a resolution can be reached.

On April 26, an unknown hacker accessed the personal information of up to 24,000 Vector customers through its Vector outage app - information that was then passed to Stuff.

The information included customer names, phone numbers, email and postal addresses but not financial information, Vector said.

Vector said last week that it had asked Stuff several times to return or destroy the information but this had been repeatedly refused.

But according to Stevens, the data had been held only until news on the story was finished, at which point the file, received through a secure server, was destroyed.

"We did not agree to demands from Vector to return material to them because that could obviously risk identifying our source," Stevens said.

"We not only had the protection of the customer data to consider but also the protection of our source," he said.

"We have, at all times, treated this information responsibly. Its circulation was limited to staff who needed to see it for news-gathering purposes."