Important Update: Regarding a Recent Security Issue


Hi everyone,

I am following up on Friday's blog where we communicated Rave Build's recent data breach. I deeply regret and apologise for this breach. We take this incident very seriously, and we are doing everything we can to secure our systems, including engaging with third-party experts to assist and providing you with the transparency you need to protect yourselves and your customers.

Types of data

The data that Rave collects can be broken into two categories: uploaded files and database data.

Uploaded files are the PDFs, images, and documents that you upload to Rave. This could include:

  • Council consents
  • Photos of projects
  • Contracts
  • Bills, invoices, and credit notes

Database data is all other data that can be entered into Rave. This could include:

  • Names, phone numbers, email addresses & other client information
  • Addresses (home & postal)
  • Messages between builders, subcontractors & clients
  • Task dates & assignees
  • Checklists
  • Quote Requests, Purchase Orders, Bills & Invoices

NOTE: Our Rave Build website does not record credit card information.

What was affected

All uploaded files until February 2023 were exposed and may have been taken by attackers.

Approximately 19,000, or 3%, of uploaded files have been deleted by attackers. We were able to restore over 14,000 of those files from backups, but around 5,000 files were unrecoverable. We will be reaching out to affected clients individually with a list of files that we could not recover.

Attackers also stole a historical backup database from August 2021 which was stored on the same system. This was a backup made before the Schedule Update on the 8th of August 2021. 
 

What you need to do

  • Change your Rave password. Although Rave only stores hashed and salted passwords, these hashes may have been exposed. Changing your password now is an important step that you can take to keep your data safe.
  • Consider your obligations under The Privacy Act after a data breach. You may need to notify your customers that their data has been exposed.
  • Be on the lookout for phishing scams that could be impersonating you, your suppliers, or customers by copying an invoice or bill.
     

What we have done, and are doing now to stop this from happening again

  1. As soon as we became aware of the breach, Rave replaced the stolen credentials that were used by attackers and deactivated them.
  2. Rave has further restricted the permissions of credentials used internally.
  3. We have set up additional security alerts to notify us of any future suspicious activity.
  4. We have identified internal systems running older versions of software. These systems are currently being upgraded.
  5. We are engaging with an external security company that will independently audit our systems. We will use these findings to further secure our systems against attacks like this.
  6. We have identified ways to further secure Rave, and are undertaking work that will ensure Rave remains security focused.

I am truly sorry that this incident has occurred, and want to assure you that we are committed to protecting your information at all times. We will keep our website blog updated with any relevant news. If you have any questions, please do not hesitate to contact the team at help@ravebuild.co.nz, submit a ticket via our support portal, or call the team at 07 210 2228.

Barry Ward

CEO Rave Build