[BreachExchange] Bunnings customers exposed in data breach
Terrell Byrd
terrell.byrd at riskbasedsecurity.com
Thu Jan 13 10:00:57 EST 2022
https://thenewdaily.com.au/finance/consumer/2022/01/13/bunnings-customers-data-breach/
The personal information of some Bunnings Warehouse customers has been
compromised after a significant data breach at a third-party provider.
Bunnings Australia has been caught up in a major cyber security attack
after its US-based booking platform, FlexBooker, revealed the data of an
estimated 3.7 million users, including Australian shoppers, was exposed to
a hack in December.
Bunnings’ chief information officer Leah Balter confirmed to The New Daily
on Thursday the company was aware of the data security breach experienced
and had warned customers.
The issue affected customers who used Bunnings’ Drive and Collect service ,
Ms Balter said.
She said Bunnings had taken a “cautious approach”, ensuring the customer
information shared with its third-party provider was limited to full names
and email addresses.
“We are aware of a data security breach experienced by one of our
third-party booking providers, which may include the data of some of our
customers who have booked a timeslot when utilising our Drive & Collect
service,” Ms Balter said.
“We’re continuing to work with the third-party provider to further
understand the details of how this breach occurred, and the processes being
put in place to correct it and we’re reaching out directly to any customers
whose name or email address may have been accessed.
“Bunnings’ customers are not required to enter sensitive personal
information through this provider, such as passwords, mobile numbers, or
credit card information, so we are confident that none of these categories
of customer data have been compromised.”
The matter had been reported to the Office of Australian Information
Commissioner – the national independent regulator for privacy and freedom
of information – and Bunnings has posted an update on its website.
“Bunnings takes the security of our customers’ and team members’ personal
information very seriously, and will carry out a thorough investigation
into this incident,” Ms Balter said.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220113/e2b5bed1/attachment.html>
More information about the BreachExchange
mailing list