[BreachExchange] Thousands of customers exposed in kitchenware brand data leak

Destry Winant destry at riskbasedsecurity.com
Thu Oct 18 10:50:17 EDT 2018


https://thenewdaily.com.au/money/consumer/2018/10/15/neoflam-data-breach-australian-customers/

Kitchenware brand Neoflam Australia has mistakenly published its
internal warranty records, exposing the private information of more
than 7500 of its customers, The New Daily can reveal.

A page under the brand’s website revealed the full name, age or age
bracket, gender, phone number, home address and email of customers
from between 2010 and 2015.

It also published the items, date purchased, and the name of the store
the item was purchased from. The information amounts to 400 pages.

Neoflam Australia took the page offline about two hours after being
alerted to the breach by The New Daily.

The breach did not reveal any banking details.

The multinational brand is known for its colourful and eco-friendly
frypans, chopping boards and storage containers.

The Australian arm is run out of Mullumbimby on the New South Wales
north coast. Its Australian and New Zealand-based Facebook page has
more than 5000 followers.

One of the customers exposed in the breach told The New Daily it was
“outrageous” that the company could be so careless with private
information.

Pete, who did not want to be further identified, purchased a 26cm-deep
casserole dish from a Melbourne store on October 9, 2015.

“Any brand has a responsibility to maintain the privacy of their
customers,” Pete said.

“Personally, I don’t like it. I’m not happy about it.”

But he acknowledged, “It’s very hard to hide yourself these days”.

“I know there’s not a lot I can do, to be honest.”

Another customer, NSW woman Caitlin, said she tried not to give out
too much information “willy-nilly” and expected better.

“I’m not exactly thrilled to hear this,” Caitlin told The New Daily.

She said she would take it as a reminder to be careful when giving out
information.

“It’s a little bit of a warning and a reminder for me really … So many
things require you to put in details and put them in online.

“It’s something I’ll be mindful of in the future, and something that
they need to be mindful of in the future too.”

Caitlin said she probably wouldn’t be deterred from buying Neoflam in
the future, because she liked the products.

“I might be getting in touch with them and I would expect them to be
extremely apologetic. I would want to get a pretty good reason as to
why it was made public.

“I don’t mean to sound flippant because it’s not a small matter. But
there’s nothing that can be done about it now.

I assume it was a mistake but that’s a pretty huge mistake.”

Another customer wasn’t fazed, saying they gave out their details all the time.

The New Daily spoke to a Neoflam Australia spokesperson shortly after
midday on Monday but did not receive a response to questions by
deadline. Follow-up queries by phone and email were not answered.

It’s not clear how long the data was publicly available online.

The privacy policy on the brand’s website said it was “absolutely
committed to keeping your personal information private”.

Other internal brand literature also appeared to have been mistakenly published.

The New Daily was able to download a spreadsheet detailing the
company’s wholesale prices, store mark-ups and sale plans. There were
also dozens of pages of marketing imagery.


More information about the BreachExchange mailing list