A recent cybersecurity event has affected the New World Clubcard loyalty and online shopping programme in New Zealand, prompting a warning for customers to update their passwords.
The supermarket chain notified members that external actors had attempted to access accounts by testing commonly used passwords across multiple usernames.
According to RNZ’s report, New World’s technology team detected unusual activity and determined that some accounts with weaker or reused passwords may have been accessed without the cardholder’s authorisation.
While most customers were informed that their accounts were not compromised, all Clubcard members were encouraged to change their passwords as a precaution.
The company stated that its internal systems remained secure and that it continues to monitor for further suspicious activity.
New World, owned by Foodstuffs, is working with cybersecurity specialists to protect customer data. Foodstuffs did not provide further comment on the matter.
The incident at New World comes as global business leaders express heightened concern about cyber threats.
According to Beazley’s 2025 Risk & Resilience report, 29% of surveyed executives now consider cyber risk their primary concern, up from 26% in the previous year. This marks the first increase in perceived cyber risk since 2021.
Despite this, 83% of respondents reported feeling prepared to address cyber threats, an increase from 74% last year.
The report suggested that this confidence may not fully account for the growing complexity of cyber threats.
Aon’s 2025 Cyber Risk Report examined the financial impact of cyber incidents, particularly those that escalate into reputation-related events.
Reviewing more than 1,400 global cyber events, the report identified 56 incidents that led to significant media attention and a measurable decline in share price.
On average, affected companies experienced a 27% reduction in shareholder value. The analysis found that malware and ransomware attacks were most likely to result in reputational consequences, representing 60% of reputation-related incidents while accounting for 45% of all cyber events reviewed.
Beyond password vulnerabilities, the theft of web cookies has become an increasingly common method for unauthorised access.
Web cookies, which store login credentials and user preferences, can be exploited by threat actors to bypass authentication and facilitate digital fraud.
Data from NordVPN indicated that approximately 94 billion browser cookies were compromised globally in the past year, a 74% increase compared to the previous period. These cookies can enable attackers to access accounts even after users have logged out or closed their browsers.
