Kmart Australia calls in police over security breach

Names, email addresses, and delivery and billing details of some customers exposed

Kmart Australia has contacted the Australian Federal Police over a security breach that exposed the private details of some customers.

The retailer revealed in a statement that it also engaged IT forensic investigators and contacted the Office of the Australian Information Commissioner (OAIC) over the breach.

Kmart Australia said the details of customers who used its online ordering system had potentially been exposed. The exposed data included customers' names, email addresses, delivery and billing details, telephone numbers and product purchase details.

“No online customer credit card or other payment details have been compromised or accessed,” the retailer's statement said.

“This breach only impacts a selection of customers who have shopped online with Kmart Australia. If customers have not received a message from Kmart Australia regarding this situation they have not been impacted.”

“The OAIC is waiting to receive further information about the incident from Kmart Australia once its own investigation is further progressed,” a spokesperson for the privacy watchdog said.

“We will assess the information Kmart Australia provides to determine whether any additional action is required by the OAIC (in keeping with the OAIC’s Privacy regulatory action policy).”

The OAIC praised Kmart for disclosing the breach to affected customers and for voluntarily notifying the OAIC.

"Notification can be an important mitigation strategy that has the potential to benefit both the organisation and the individuals affected by a data breach," the OAIC spokesperson said.

The government has said it plans to introduce legislation to create a mandatory breach notification regime before the end of the year.

Kmart is facing a backlash on its Facebook page from people who are unhappy that the retailer is not offering a solution to help those whose private information may have been accessed.

"Received the email-- but it fails to describe any action or help they are providing those whose private information has been stolen," one customer posted.

"It only tells us that it has happened. Tells us of the problem, with no hint of a solution- almost as if the solution (for Kmart) is just to let us know it happened. Not really good enough."

"So who gained this access to my details and what is being done about it? Not impressed at all and will not be shopping with Kmart online again - not good enough!" another customer posted.

A Kmart spokesperson said it was unable to make any further comment at this time as the case is still being reviewed.

Stories by Hamish Barwick
