Knowing a fair bit about this sort of stuff, I have no real concern, as has been mentioned above. A few things to consider:
- The link is only good for 1 month; afterwards it's dead and you can only view your bill from within the MySpark portal.
- Each month you get emailed a new link with a new GUID so it's not like the old GUID is re-used.
- All this information is available from within the MySpark portal, so in regards to attack vectors, getting in and accessing your current and previous account history via your personal email address and either guessing your current password, or a password reset email and new password, seems like a far more likely attack vector.
- This is the same information that is delivered into your letterbox, the vast majority of which in NZ aren't secure.
- It's no better or worse in many respects than attaching the PDF to an email, as it could be picked up in transit or lost at the destination since your email box was full.
So what is the big issue?
