David Jones privacy breach sees third party access customer details

Department store David Jones has notified customers of an online security breach only days after Kmart alerted online consumers of a privacy hack.

A third party gained access to David Jones online customers’ names, email addresses, order details and mailing addresses.

The department store alerted affected customers by email after learning of the security breach on September 25. It said no credit card information, passwords or financial details were obtained.

The breach has been resolved with “no indication that the information has been misused in any way,” said the email.

“David Jones takes its customers’ privacy seriously.”

“This type of unauthorised access is a crime and unfortunately, cybercrime is a persistent threat in today’s world. Despite our best efforts, no business is immune and we sincerely apologise that this has occurred,” it said.

David Jones has informed the Federal Police and the Office of the Australian Information Commissioner (OAIC).

Chris Gatford, director and founder of penetration testing company Hacklabs, applauded David Jones and Kmart for alerting its affected online consumers but said it should be mandatory for companies to notify customers of security breaches.

“Hopefully this is the type of incident that will drive regulation that will require organisations to notify their customers when their information has been compromised.”

He said an online security breach “happens literally every day here in Australia”, with Australian consumers targeted due to high technology use and the prevalence of online banking.

Although financial details were not accessed in the David Jones and Kmart attacks, Gatford said the information gained was “quite significant”.

“When you’ve got a name, and email address and mailing address, that can lead to other information if you start collating it together,” he said. “Certainly there’s going to be an impact if that data is made widely available.”