On Wednesday, Kmart Australia notified customers of an external privacy breach of its customer online order system.
The retailer has published a statement regarding the incident on its website. It begins:
“Kmart Australia is urgently addressing an external privacy breach of its customer online product order system that was experienced yesterday. The breach included customers’ identity (name), email address, delivery and billing address, telephone number and product purchase details. No online customer credit card or other payment details have been compromised or accessed. [sic]”
According to iTnews, Kmart Australia does not store customers’ payment card data internally because it uses ANZ Bank’s CyberSource payments gateway. The corporation has also built its online ecommerce platform on top of IBM WebSphere software, a solution which includes the Oracle Endeca enterprise data discovery platform.
Kmart Australia goes on to explain in its statement that only a selection of customers who shopped online with the retailer were affected by the external privacy breach. Customers who did not receive a message about the intrusion, it says, did not have any of their information exposed by the incident.
In response to the breach, the retailer has engaged IT forensic investigators and contacted both the Office of the Australian Information Commissioner (OAIC) and Australian Federal Police.
“The OAIC is waiting to receive further information about the incident from Kmart Australia once its own investigation is further progressed,” a spokesperson for the privacy watchdog said. “We will assess the information Kmart Australia provides to determine whether any additional action is required by the OAIC (in keeping with the OAIC’s Privacy regulatory action policy).”
The OAIC has praised Kmart Australia for disclosing the breach and for notifying the OAIC. However, customers of the retailer are not as happy about its response.
“It only tells us that it has happened,” one customer, Angela Davis, stated. “Tells us of the problem, with no hint of a solution — almost as if the solution (for Kmart) is just to let us know it happened. Not really good enough.”
Another customer, Jess Riley, wrote the following:
“I got the email yesterday and needless to say i am beyond unimpressed. You have failed to protect the information of your customers. What eaxctly [sic] does calling the customer help line do? What information will they give out??”
Kmart Australia was not available for further comment at the time of this writing.
News of this breach follows an earlier hack against Kmart back in 2014.