Bunnings conducts and collects data from customers caught in a FlexBooker security breach on the Amazon cloud | Canberra time
news, latest news, Bunnings, Amazon, COVID, FlexBooker
Bunnings customers using the company’s COVID-triggered collect and collect service may have had some of their personal data exposed after the software company behind the service suffered a major security breach that affected 3.7 million people worldwide. Online booking platform FlexBooker said that on December 23, its account on Amazon’s cloud platform was compromised after its data storage was accessed and downloaded. In an “incident alert,” FlexBooker said it worked to restore a backup within 12 hours. “After working further with Amazon to understand what happened, we learned that a certain set of data, including some customers’ personal information, was accessed and downloaded,” he said. This included first and last names, email addresses and phone numbers. “Data accessed did not include credit card or other payment card numbers,” he said. In an email to customers on Wednesday afternoon, Bunnings said it had recently been notified of the breach, which may have “included the name and email address you provided when selecting a time slot for a previous Bunnings drive and collect order”. “We take the privacy and protection of customer information very seriously and sincerely regret that this has happened,” the email said. Bunnings assured customers that “passwords, credit card information and mobile phone numbers are not collected when using Flexbooker to make a booking with us”. “We are confident that none of these categories of customer data has been compromised.” The email goes on to say that Bunnings is “currently working with FlexBooker to better understand how the breach occurred in their systems and the extent of the impact.” “We are directly contacting all customers whose name or email address could be seen,” the company said. Bunnings said while customers weren’t required to take action, they were encouraged, as a precaution, to “be wary of unusual activity in their email accounts and change passwords regularly to improve security. in line”. “At Bunnings, keeping your personal information safe is our priority,” he said. The company’s chief information officer, Leah Balter, said they “will thoroughly investigate this incident.” Bunnings, which introduced the drive-and-collect service in April 2020 to 250 stores across Australia in response to COVID, said it had notified the Australian Information Commissioner’s Office (OAIC). READ MORE: An OAIC spokesperson said he couldn’t speak to specific cases, but expected ‘any organization responding to a data breach involving personal information to act quickly to contain the incident and assess the potential impact on those involved”. “If it is likely to cause serious harm and the organization is covered by the Privacy Act, it should notify affected individuals and OAIC as soon as possible,” the spokesperson said. . OAIC received 446 data breach notifications under the mandatory Notifiable Data Breaches program from January to June 2021. Forty-three percent of these breaches resulted from cybersecurity incidents. “Organizations must be proactive in protecting personal information and preventing these breaches,” the spokesperson said. “We advise individuals to react quickly when notified and take appropriate action, such as changing passwords, checking accounts and credit reports, and watching out for scams.” Australian security expert Troy Hunt, who runs the Have I Been Pwned website, tweeted that 3.7 million accounts were hacked and partial credit card data was also taken. A FlexBooker spokesperson confirmed this report to ZDNet, saying the last three digits of card numbers were included in the breach, but no other data. FlexBooker, which also serves other industries including healthcare and the arts, has been contacted for more details about the breach. In its Incident Alert, it also stated that customer passwords included in the data were encrypted and the encryption key was not accessed or downloaded. He has since restored security to his account and “will continue to work with Amazon to maintain security.” Our reporters work hard to provide local and up-to-date news to the community. Here’s how you can continue to access our trusted content:
/images/transformer/v1/crop/frm/130009714/96fd12cb-dd61-479d-b088-66e0c014da5b.jpg/r1_90_1029_671_w1200_h678_fmax.jpg
Bunnings customers using the company’s COVID-triggered collect and collect service may have had some of their personal data exposed after the software company behind the service suffered a major security breach that affected 3.7 million people worldwide.
Online booking platform FlexBooker said that on December 23, its account on Amazon’s cloud platform was compromised after its data storage was accessed and downloaded.
In an “incident alert,” FlexBooker said it worked to restore a backup within 12 hours.
“After working further with Amazon to understand what happened, we learned that a certain set of data, including some customers’ personal information, was accessed and downloaded,” he said.
This included first and last names, email addresses and phone numbers.
“Data accessed did not include credit card or other payment card numbers,” he said.
In an email to customers on Wednesday afternoon, Bunnings said it had recently been notified of the breach, which may have “included the name and email address you provided when selecting a time slot for a previous Bunnings drive and collect order”.
“We take the privacy and protection of customer information very seriously and sincerely regret that this has happened,” the email said.
Organizations must be proactive in protecting personal information and preventing these breaches.
Spokesperson for the Australian Information Commissioner’s Office
Bunnings assured customers that “passwords, credit card information and mobile phone numbers are not collected when using Flexbooker to make a booking with us”.
“We are confident that none of these categories of customer data has been compromised.”
The email goes on to say that Bunnings is “currently working with FlexBooker to better understand how the breach occurred in their systems and the extent of the impact.”
“We are directly contacting all customers whose name or email address could be seen,” the company said.
Bunnings said while customers weren’t required to take action, they were encouraged, as a precaution, to “be wary of unusual activity in their email accounts and change passwords regularly to improve security. in line”.
“At Bunnings, keeping your personal information safe is our priority,” he said.
The company’s chief information officer, Leah Balter, said they “will thoroughly investigate this incident.”
Bunnings, which introduced the drive-and-collect service in April 2020 to 250 stores across Australia in response to COVID, said it had notified the Australian Information Commissioner’s Office (OAIC).
An OAIC spokesperson said he could not speak to specific cases, but expected “any organization responding to a data breach involving personal information to act quickly to contain the incident and assess the potential impact on those involved”.
“If it is likely to cause serious harm and the organization is covered by the Privacy Act, they should notify affected individuals and OAIC as soon as possible,” the spokesperson said.
OAIC received 446 data breach notifications under the mandatory Notifiable Data Breaches program from January to June 2021.
Forty-three percent of these breaches result from cybersecurity incidents.
“Organizations must be proactive in protecting personal information and preventing these breaches,” the spokesperson said.
“We advise individuals to react quickly when notified and take appropriate action, such as changing passwords, checking accounts and credit reports, and watching out for scams.”
A FlexBooker spokesperson confirmed this report to ZDNet, sayingthe last three digits of the card numbers were included in the breach, but no other data.
FlexBooker, which also serves other industries including healthcare and the arts, has been contacted for more details about the breach.
In its Incident Alert, it also stated that customer passwords included in the data were encrypted and the encryption key was not accessed or downloaded.
He has since restored security to his account and “will continue to work with Amazon to maintain security.”
Our reporters work hard to provide local and up-to-date news to the community. Here’s how you can continue to access our trusted content: