Kmart Hack Results in Breach of Customer Information

A security breach at retailer Kmart’s online operations has resulted in the breach of its online customers’ personal information in Australia, according to news reports.

The Sydney Morning Herald reports that Kmart’s online customers in Australia have been sent an email on September 30 to inform them of an “external privacy breach” that is likely to have compromised account details.

“Yesterday, an email was sent directly to those customers whose details were accessed to inform them of this situation, and Kmart Australia has posted details of the breach on its social media pages.”

The retailer added that no payment details nor credit card information was compromised.

However, the details that were compromised in a breach that occurred earlier in September includes:

  • Customer names.
  • Home addresses.
  • Email addresses.
  • Previous Purchase details

In a statement, the retailer said:

“This breach only impacts a selection of customers who have shopped online with Kmart Australia. If customers have not received a message from Kmart Australia regarding this situation they have not been impacted.”

Additionally, Kmart confirmed that the Australian entity of its operations took immediate action by employing IT forensic investigators to look into the breach and conduct “thoroughly review.”

The Office of Information Commissioner (OAIC) was informed of the breach by Kmart on September 29 and released the following statement:

“We will assess the information Kmart Australia provides to determine whether any additional action is required by the OAIC in keeping with the OAIC’s privacy regulatory action policy.”

The government’s Privacy Regulatory Action Policy was released by the OAIC in November last year, explaining the authority of the privacy commissioner. The commissioner made it clear that any attempts to conceal a data breach by the company will be dealt with sternly by the OAIC.

Security researchers see no relevance to the breach suffered by Kmart Australia to the one when Kmart US was hacked in 2014. Kmart US is owned by the Sears Holdings Corporation while Kmart Australia is wholly owned by Wesfarmers through a long-term licensing deal of the Kmart brand by Wesfarmers from the 1960s.