The personal information of some Bunnings Warehouse customers has been compromised after a significant data breach at a third-party provider.
Bunnings Australia has been caught up in a major cyber security attack after its US-based booking platform, FlexBooker, revealed the data of an estimated 3.7 million users, including Australian shoppers, was exposed to a hack in December.
Bunnings’ chief information officer Leah Balter confirmed to The New Daily on Thursday the company was aware of the data security breach experienced and had warned customers.
The issue affected customers who used Bunnings’ Drive and Collect service , Ms Balter said.
She said Bunnings had taken a “cautious approach”, ensuring the customer information shared with its third-party provider was limited to full names and email addresses.
“We are aware of a data security breach experienced by one of our third-party booking providers, which may include the data of some of our customers who have booked a timeslot when utilising our Drive & Collect service,” Ms Balter said.
“We’re continuing to work with the third-party provider to further understand the details of how this breach occurred, and the processes being put in place to correct it and we’re reaching out directly to any customers whose name or email address may have been accessed.
“Bunnings’ customers are not required to enter sensitive personal information through this provider, such as passwords, mobile numbers, or credit card information, so we are confident that none of these categories of customer data have been compromised.”
The matter had been reported to the Office of Australian Information Commissioner – the national independent regulator for privacy and freedom of information – and Bunnings has posted an update on its website.
“Bunnings takes the security of our customers’ and team members’ personal information very seriously, and will carry out a thorough investigation into this incident,” Ms Balter said.