Up to 130,000 of Spark's Xtra customers have been caught up in a massive data breach involving its former email provider, Yahoo.
Yahoo announced late last week that a copy of some of its user account information was stolen from the company's global network in November 2014.
The stolen data included names, email addresses, telephone numbers, dates of birth and encrypted passwords, but not credit card information, it said.
Spark said, over the next two days, it would contact every customer whose email address had been compromised and ask them to immediately change their passwords.
The company estimated 130,000 people were at risk, which was about 15 percent of its Xtra address base.
It said Yahoo had no evidence the stolen information had been used to gain access to Spark accounts.
Spark is in the process of moving all of its email systems back to New Zealand.
Yahoo, which was sold to US telecoms giant Verizon for $US4.8 billion in July, said last week it believed the cyber attack was "state-sponsored". It did not say which country it held responsible.
The FBI was reported to be investigating the claims.
With about 500 million users affected, the scale of the hack has eclipsed other recent major tech breaches - such as MySpace (359 million), LinkedIn (164 million) and Adobe (152 million).
- RNZ / BBC