Kmart Australia suffers large data breach, online shoppers details stolen

Kmart Australia has had a significant data breach on its servers resulting in personal data from online shoppers at the retailer being stolen.

Names, email addresses, telephone numbers and billing addresses were among the personal data stolen in the incident, which took place on Tuesday, although credit card numbers remained safe said the company in an official statement. 

"As soon as we were made aware of this breach, immediate action was taken to stop any further information being accessed," the company added. To address the matter, it has reached out to the Office of the Australian Information Commissioner and the Australian Federal Police, and called in "leading IT forensic investigators."

Although the company promptly contacted the individuals affected by this data breach by email, customers took to the company's Facebook page to express their concerns, especially regarding how Kmart Australia had been handling the situation and the delay between the breach actually happening and the company informing everyone that it happened.

Isabelle Reid who is one of the shoppers commented: “So who gained this access to my details and what is being done about it? Not impressed at all and will not be shopping with Kmart online again - not good enough!”

Another customer, Angela Davidson said: “Received the email - but it fails to describe any action or help they are providing those whose private information has been stolen. It only tells us that it has happened. Tells us of the problem, with no hint of a solution- almost as if the solution (for Kmart Aus) is just to let us know it happened. Not really good enough."

According to the Australian Information Commissioner, when an Australian company suffers a data or security breach, they are not required to disclose the details of said breach. Not least because it would mean that they might lose the trust of their customers, but it could have larger effects on a company.

This does not mean, however, that they have no obligations to put in place reasonable security safeguards and to take reasonable steps to protect the personal information that they hold about their customers.

This is not the first time Kmart has had serious data breaches. In 2014 Kmart in the US was also hacked, compromising many customer credit and debit card numbers. And likewise in 2013 during the Christmas period, Kmart POS' were hacked leaking customer data to a remote location.