Kmart is the latest Australian company to fall victim to a cyber security breach.
According to a company statement, the retailer is urgently addressing an external privacy breach of its customer online product order system that occurred on September 29.
The breach included customers' identity (name), email addresses, delivery and billing addresses, telephone numbers and product purchase details. Kmart said no online customer credit card or other payment details were compromised or accessed.
Kmart sent emails directly to customers whose details were accessed and has posted details of the breach on its social media pages.
The Office of the Australian Information Commissioner (OAIC) released a statement explaining that the retailer notified it of the data breach on September 29.
The OAIC said it is waiting to receive further information about the incident from Kmart Australia once its own investigation had progressed.
“We will assess the information Kmart Australia provides to determine whether any additional action is required by the OAIC,” the department said in a statement.
“The OAIC is encouraged to see that Kmart Australia has notified affected individuals, and voluntarily notified the OAIC about this incident.”
Kmart claims the breach only impacts a selection of customers who have shopped online with the retailer. It said that if customers have not received a message regarding this situation, they had not been impacted.
As soon as Kmart Australia was made aware of the breach, it claims immediate action was taken to stop any further information being accessed.
“The safety and security of customer’s private information is a priority for Kmart Australia. Kmart Australia has engaged leading IT forensic investigators and has contacted the Office of the Australian Information Commissioner and Australian Federal Police to thoroughly review this matter,” the company said in a statement.
Kmart Australia was unable to make any further comment at the time of writing.
More to come...
Sign up for CIO Asia eNewsletters.