Big W suffered a privacy breach earlier this year when it accidentally added a confidential printout to a pile of test documents whilst trying to prove a customer's printer issue had been fixed.
The breach is contained in a cache of notifications made by Woolworths to the Office of the Australian Information Commissioner (OAIC) that was published yesterday. [pdf]
The cache includes two notifications for 2018, including one previously reported incident where scammers used compromised or stolen login credentials to fleece customers of loyalty points.
However, it also contains a second notification for an incident at Big W where a printed document containing identity and contact information of 32 people was accidentally given to a customer.
File notes recorded by the OAIC state that “a customer came to Big W to get their printer fixed, and when it was, had some test documents printed to verify [the] issue had been fixed. Staff member enclosed some other documents with the customer’s documents.”
The internal document contained “information regarding Big W’s business processes and identity and role of individuals involved”.
Big W said the breach occurred on April 30 and was discovered on May 2. Those impacted by it were alerted on June 2.
The company said it had been unable to get the printed hard copy back because "the customer was not willing to engage with Big W further".
Big W said it had taken steps to prevent a recurrence.
“Big W has engaged in a review of our in-store processes and immediately disabled the print functionality associated with the [confidential] document,” it said.
“In addition, staff training and a reassessment of our data collection and storage processes is being undertaken.”