news National retailer Kmart has called in the Australian Federal Police and the Office of the Australian Information Commissioner to investigate an IT security breach which it has confirmed saw customers’ data accessed by unknown parties.
In a statement yesterday, the Wesfarmers-owned company — which operates some 203 stores around Australia as well as a 246-location strong network of Kmart Tyre and Auto outlets — sad its online order system had been breached yesterday.
“The breach included customers’ identity (name), email address, delivery and billing address, telephone number and product purchase details,” the company said. “No online customer credit card or other payment details have been compromised or accessed.”
“Yesterday, an email was sent directly to those customers whose details were accessed to inform them of this situation and Kmart Australia has posted details of the breach on its social media pages. This breach only impacts a selection of customers who have shopped online with Kmart Australia. If customers have not received a message from Kmart Australia regarding this situation they have not been impacted.”
The company said as soon as Kmart was made aware of the breach, immediate action was taken to stop any further information being accessed. “The safety and security of customer’s private information is a priority for Kmart Australia,” the company said.
Kmart has engaged “leading” IT forensic investigators and has contacted the Office of the Australian Information Commissioner and Australian Federal Police to thoroughly review the matter. It apologised to customers for the breach and advised any concerned customers to contact the company directly on 1800 124 125.
I suspect that this kind of breach is more or less a dime a dozen at the moment — and that we’re not hearing about a lot of the activity. In this sense, security is a bit like an iceberg — there are doubtless many more corporate breaches of this nature swimming below the surface unreported. It will be fascinating to see how many finally come up for air if compulsory data breach legislation ever passed the Federal Parliament.