Customer data stolen in Kmart Australia hack

By on
Customer data stolen in Kmart Australia hack

OAIC, AFP informed of theft.

Retailer Kmart has revealed it is "urgently" working to address a privacy breach which saw customer data stolen by external attackers.

The company yesterday informed affected customers their name, email address, delivery and billing addresses, phone numbers and product purchase details had been taken in the attack.

It insisted that no customer credit card or payment details had been compromised.

The retailer uses ANZ Bank's CyberSource payments gateway for credit card processing, and does not store the details internally.

iTnews understands Kmart's online ecommerce platform is built on IBM's WebSphere Commerce software.

The ecommerce solution also includes the Oracle Endeca enterprise data discovery platform and Coremetrics (also owned by IBM) digital marketing platform, iTnews understands.

Kmart emailed customers who had their information stolen from its online product order system on Tuesday to inform them of the situation.

If a specific customer did not receive the email, Kmart said, their information had likely not been impacted.

"As soon as Kmart Australia was made aware of this breach, immediate action was taken to stop any further information being accessed," the company said in a statement.

The retailer has informed the Office of the Australian Information Commissioner and the federal police about the breach.

It has also engaged unnamed "leading IT forensic investigators" to look into how the attackers were able to infiltrate the product ordering system.

Kmart declined to comment.

The company this month created a dedicated executive role for online, and is currently recruiting for the head of online trading and customer experience.

The role reports into the general manager of multichannel and is responsible for Kmart's digital commerce channels, with a focus on online merchandising, site and content management, analytics, online marketing and digital platform optimisation.

The federal government has previously pledged to introduce legislation for mandatory data breach reporting - a recommendation of a parliamentary joint committee - before the end of the year.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?