Gumtree customer information accessed in data breach

Online classifieds site Gumtree Australia has been hacked, with some account holders receiving an email alert informing them of the breach Friday afternoon.

In the email sent to a number of users, Gumtree admits that attackers had infiltrated its system last weekend.

"We are writing to let you know that some of your Gumtree account information was compromised in a security attack last weekend," Gumtree said in the email. "The attackers accessed your email address."

In a statement released Friday afternoon, Gumtree confirmed that in addition to email addresses, contact names and phone numbers were also accessed.

"The contact name and phone numbers of the affected Gumtree users were also accessed; however in those instances, the details were already made public on the site by the users themselves when they posted an ad," Gumtree said in a statement.

Gumtree said that it does not store payment information on its site, which it said means no payment information has been compromised.

Although it confirmed email addresses and account names have been accessed, Gumtree maintained that account passwords have not been obtained by hackers.

Despite taking almost a week to tell account holders, the e-marketplace said it has resolved the situation.

"The incident was resolved within minutes of discovery and was an isolated event, only impacting some Gumtree Australia accounts," the company said.

"Safety and security of our community remains our number one priority and we continue to educate our users about staying safe online and identifying potential scams or phishing attempts from fraudulent parties."

Gumtree also said it has since taken extra steps to protect user information, confirming it has notified privacy regulators and the Australian Federal Police, in addition to affected users.

Australian department store David Jones revealed in October that customer details were stolen as a result of its website being hacked on September 25, 2015.

The retail giant said no customer credit card information, financial information, or passwords were stolen, as it does not store any credit card information or financial information on its website, but said the customer details that were stolen were names, email addresses, order details, and mailing addresses.

The breach came a day after Australian discount homewares chain Kmart revealed it had also experienced a breach. The Wesfarmers-owned company said no customer credit card or other payment details had been compromised; however, customer's names, email addresses, home addresses, telephone numbers, and product purchase details had been accessed in the "external privacy breach" that occurred in early September.

In November, TAFE Queensland also experienced a breach that saw the personal details of thousands of the state's TAFE students exposed.

Shadow Attorney-General Mark Dreyfus told ZDNet last week that should the opposition party win the upcoming federal election, it would move to get the stalled data breach-notification laws passed.

Australia is currently without data breach-notification laws, despite the Joint Parliamentary Committee on Intelligence and Security recommending in February 2015 that Australia have such laws in place before the end of 2015, prior to the implementation phase of the data-retention laws that Labor voted to introduce.