news David Jones today notified customers that it had become the latest casualty in a hacking spree which appears to be targeting Australian retailers.
The retailer said in a statement today that it had recently advised a number of its online customers that a third party exploited a vulnerability in its website to extract limited customer information. The information obtained was restricted to customer name, email address, order details and mailing address.
No credit card information, financial information or passwords were obtained as David Jones said it does not store any credit card information or financial information on its website. According to the retailer, there is so far no indication that the stolen information has been misused in any way.
“As soon as David Jones learned of the incident, we moved swiftly to prevent any further unauthorised access,” the retailer said. It has directly contacted customers who were affected, as well as informing the Australian Federal Police, the Attorney-General’s Department and the Office of the Australian Information Commissioner of the situation and consulting with “cyber security experts”.
“David Jones takes its customers’ privacy seriously,” the company said. “We have security procedures in place to protect our customers’ information when using our webstore. This type of unauthorised access is a crime and unfortunately, cybercrime is a persistent threat in today’s world. Despite our best efforts, no business is immune and we sincerely apologise that this has occurred.”
The retailer believes the vulnerability which was used to access its data has been shut down.
“We are committed to making this right and are taking action to reduce the likelihood of this happening again. We are reviewing our systems, security measures and working with expert security consultants. Protecting our customers is of paramount importance to us,” it said.
The news comes as hackers appear to be targeting retailers more generally across Australia at the moment.
National retailer Kmart this morning revealed it had called in the Australian Federal Police and the Office of the Australian Information Commissioner to investigate an IT security breach which it has confirmed saw customers’ data accessed by unknown parties.
Who’s next? As I wrote about the Kmart incident:
I suspect that this kind of breach is more or less a dime a dozen at the moment — and that we’re not hearing about a lot of the activity. In this sense, security is a bit like an iceberg — there are doubtless many more corporate breaches of this nature swimming below the surface unreported. It will be fascinating to see how many finally come up for air if compulsory data breach legislation ever passed the Federal Parliament.