A glitch in electricity network provider Vector's outage app means the personal information of up to 35,000 customers might have been accessed by others.
The glitch has made customers' names, email addresses, physical locations and phone numbers accessible to anyone who has downloaded the app.
The Vector app allows customers to view an outage map, as well as report individual outages.
It came under scrutiny earlier this month when a monster storm knocked tens of thousands of Aucklanders off the grid.
Vector's chief digital officer Nikhil Ravishankar said the company had been made aware of a vulnerability in the app.
"It has been brought to our attention that as many as 35,000 customers may have had this identifying information accessed at some point last week," she said.
"We believe the accessible information includes the names, phone numbers and email addresses of customers who reported an outage through the app as well as data which could lead to the identification of their address."
Ravishankar said no customers' financial or banking information was held in the app, and the data breach had not compromised the security of their network or website.
The company was "deeply sorry" for the data breach, she said, which came as the company was working on improving customers' information experience.
The statement noted relaying of information to customers was a "clear problem" during the April 10 storm.
A reader who contacted Stuff found they were able to access 33,000 listings of Vector customers' details.
The person who got in touch with Stuff said the glitch targeted consumers when they were at their most vulnerable - without power, security alarms and lighting.
"Vector, through its negligence and mediocrity has provided the criminally inclined with a smorgasbord of opportunity," they said.
"Our agenda is simply to shine the light on this lack of basic competence at one of the country's most important infrastructure networks, to protect fellow citizens by exposing this abuse of consumer privacy and to ensure accountability by the perpetrators."
Ravishankar said work had already commenced to overhaul the Vector Outage App.
The app had been disabled in the meantime, until the company could have total confidence in customers' data.