David Jones is the latest victim of hackers - just hours after Kmart revealed its systems were also targeted.
The department store revealed its IT systems were hacked last week, allowing hackers to access customers' personal details.
The Australian Federal Police are investigating the breach, which occurred on Friday.
David Jones has published detailed information on the hack to customers.
The infomation is printed below:
Unauthorised Data Access
David Jones recently learned that a third party exploited a vulnerability in our website to extract limited information about some of our customers. The information obtained was restricted to customer name, email address, order details and mailing address. No credit card information, financial information or passwords were obtained. David Jones does not store any credit card information or financial information on our website. There is no indication that the information has been misused in any way.
What does this mean for me?
We confirm that it is not necessary for you to take any action regarding your credit or other payment cards in response to this email, as your financial information data is not at risk. There is also no need to change any of your David Jones website account details or passwords.
What happens now?
As soon as David Jones learned of the incident, we moved swiftly to prevent any further unauthorised access. We sincerely apologise that this has occurred and want to assure you, as a valued customer of David Jones, that we are doing everything we can to make sure this does not happen again.
For further information please visit www.davidjones.com.au/Consumer-notices
If you would like to provide any feedback on this matter, please email our team at privacy@davidjones.com.au
David Jones has reported the incident to the Privacy Commissioner at The Office of the Australian Information Commissioner (OAIC).
Please note that David Jones will never contact you and request that you provide your financial information or credit card details over the phone or via email. If you receive a call or email requesting such information, please do not respond.
CUSTOMER FAQs - UNAUTHORISED DATA ACCESS
1. What happened?
On 25 September 2015, David Jones learned that a third party exploited a vulnerability in our website to extract limited information about some of our customers. The information obtained was restricted to customer name, email address, order details and mailing address. No credit card information, financial information or passwords were obtained. David Jones does not store any credit card information or financial information on its website. There is no indication that the information has been misused in any way.
2. Has the issue been resolved?
Yes. As soon as David Jones learned of the incident, we moved swiftly to prevent further unauthorised access. We have also contacted each of our affected customers to inform them of the breach, together with the Australian Federal Police and the Office of the Australian Information Commissioner (Privacy Commissioner).
3. What information was accessed?
The data accessed included customer name, email address, order details and mailing address. No credit card information, financial information or passwords were obtained. David Jones does not store any credit card information or financial information on its website.
4. Do the people who accessed my information now have my credit card details?
No credit card information or financial information was obtained – David Jones does not store such information on its webstore.
5. Do the people who accessed my information now have the password to my David Jones account?
No, passwords were not obtained. You do not need to do anything in relation to your David Jones online account.
6. How do I know if I was affected by this issue? Should I contact David Jones?
An email has been sent directly to those customers whose details were accessed to inform them of the situation. If customers have not received a message from David Jones regarding this situation they have not been impacted.
If you would like to provide any feedback on this matter, please email privacy@davidjones.com.au
7. Why was David Jones collecting and holding this information?
David Jones collects and holds this type of order information and basic customer data in the ordinary course of business. Please refer to our Privacy Policy for more information about our collection, use and storage of personal information: http://www.davidjones.com.au/Privacy-and-Security
8. How could David Jones let this happen?
David Jones takes its customers’ privacy seriously. We have security procedures in place to protect our customers’ information when using our webstore. This type of unauthorised access is a crime and unfortunately, cybercrime is a persistent threat in today’s world. Despite our best efforts, no business is immune and we sincerely apologise that this has occurred.
9. Who is the third party that accessed the data?
We cannot divulge this at this time. What we can say is that we are working with the Australian Federal Police and cyber security experts on this matter.
10. How exactly did they gain access to the data?
The vulnerability which was used to access the data has been shut down. We are now working with cyber security experts and the Australian Federal Police to fully investigate this matter.
11. Has the unauthorised third party misused the data?
No. There is no evidence the data has been misused.
12. How do I know this won’t happen again?
We are committed to making this right and are taking action to reduce the likelihood of this happening again. We are reviewing our systems, security measures and working with expert security consultants. Protecting our customers is of paramount importance to us.
13. Has David Jones told the police?
Yes, David Jones has informed the Australian Federal Police who are investigating the matter.
14. Has David Jones told the Government?
Yes, David Jones has notified the Office of the Australian Information Commissioner (Privacy Commissioner) and the Attorney General’s Department.
15. Is there anything I need to do?
No. There is nothing you need to do in relation to this matter. No financial information or passwords were accessed and your David Jones online account is working as normal.
David Jones recommends that you be aware of unsolicited phone calls or emails that appear to be sent by David Jones. Such emails or phone calls may ask you to provide further personal information or financial information. David Jones would never ask for your personal information via email or telephone on an unsolicited basis.
16. I received a phone call from David Jones about this matter asking for my information. What should I do?
David Jones will not be calling individuals in relation to this matter unless expressly requested to do so by you.
17. Is it safe to shop at David Jones?
Yes. David Jones has always taken the protection of its customers’ information seriously. We have now fixed the vulnerability and are taking action to reduce the likelihood of this happening again. We are reviewing our systems, security measures and working with expert security consultants. Protecting our customers is of paramount importance to us.
18. How do I complain about this matter?
If you would like to lodge a privacy complaint with us, please contact privacy@davidjones.com.au. You can also make a complaint to the Office of the Australian Information Commissioner (www.oaic.gov.au/).