David Jones Hacked: Investigation Underway
David Jones has advised that it recently learned that “a third party exploited a vulnerability” in its website, stating that limited information was extracted about some of its customers.
“The information obtained was restricted to customer name, email address, order details and mailing address,” David Jones stated via a consumer notice.
“No credit card information, financial information or passwords were obtained. David Jones does not store any credit card information or financial information on our website. There is no indication that the information has been misused in any way.”
David Jones stated it learned of the attack on September 25, with an email sent to customers whose details were accessed to inform them of the situation. The incident has been reported to the Australian Federal Police and the Office of the Australian Information Commissioner.
“The vulnerability which was used to access the data has been shut down,” David Jones stated. “We are now working with cybersecurity experts and the Australian Federal Police to fully investigate this matter.”
The news follows Kmart Australia revealing that it had suffered an external privacy breach of its customer online product order system.
David Jones owner Woolworths Holdings this week advised that chief executive officer Iain Nairn has resigned after 14 months in the role.