Kmart customer details hacked

Australian discount homewares chain Kmart is under investigation, following a data breach that occurred in early September which saw the personal details of its online customers hacked.
Written by Asha Barbaschow, Contributor

Kmart has employed IT forensic investigators after the personal details of its online customers were hacked.

The Wesfarmers-owned company said no customer credit card or other payment details have been compromised, however, customer's names, email addresses, home addresses, telephone numbers, and product purchase details had been accessed in an "external privacy breach" in early September.

"This breach only impacts a selection of customers who have shopped online with Kmart Australia," a statement from Kmart said. "If customers have not received a message from Kmart Australia regarding this situation they have not been impacted."

Kmart said that as soon as it became aware of the breach, it engaged IT forensic investigators.

It also contacted the Office of the Australian Information Commissioner (OAIC) and Australian Federal Police to review the matter.

In June, grocery giant Woolworths had to cancel over AU$1 million worth of shopping vouchers as a result of a data breach. Allegedly, emails containing gift card details were sent to a large number of customers.

The emails contained individual consumer's purchase history, as well as digital access to redeem gift cards, which would allow those in possession of the information to spend the balance online.

The data breach affected customers who purchased vouchers from the online saving site, Groupon. Once an e-gift card was purchased from the third party website, customers were advised that they would receive an email containing an attachment of their electronic voucher. However, upon opening the attachment, they discovered an excel spreadsheet containing the links to over AU$1 million worth of vouchers.

At the time, the OAIC was investigating the breach, with Australian Privacy Commissioner Timothy Pilgrim saying the OAIC approached Woolworths for further information to "determine what further action may be required".

In November last year, the OAIC released the government's Privacy Regulatory Action Policy, which explains the powers available to the privacy commissioner and formalises the approach he will take when using these powers.

Following the policy, the commissioner issued a strong warning to companies that attempt to cover up data breaches, or have failed to take a proactive approach towards ensuring that personal data is kept secure, saying that attempts to conceal a data breach "will not be looked well on by our office".

It is not compulsory for businesses to alert customers when a data breach occurs.

For the 2015 financial year ending June 30, Wesfarmers recorded annual earnings before interest and taxes (EBIT) of AU$3.76 billion. The retail giant's grocery arm Coles was the top retail performer for the year, leveraging off its growing digital bag of tricks, whilst homegoods store Target increased its online sales by 51 percent.

Kmart experienced 18 percent growth year-on-year and EBIT of AU$432 million, opened 11 new stores, and completed 29 refurbishments.

With AAP

Editorial standards