Australian marketplace The Iconic is in the final stages of completing the remediation process for hundreds of employees who were unintentionally underpaid or overpaid due to a payroll error.
The recently exposed underpayments of $200,937, shared across various media sources late last year, followed an initial $1.38 million in underpayments found in an audit in December 2022.
Altogether, the $1.5 million in underpayments affected more than 1,300 current and former staff.
A spokesperson for the Fair Work Ombudsman said the FWO’s investigation of The Iconic following its self-reported underpayments to staff is still ongoing.
Amid the latest underpayment development late last year, The Iconic released a media statement, stating it deeply regrets that the issue has occurred.
“We take our obligations very seriously, and we believe that our new payroll and human resources systems as well as our ongoing vigilance in reviewing and upgrading our payroll processes and data minimises the risk of this happening again,” the statement read.
In the last year, the FWO has also undertaken backpay processes with David Jones, Politix, and Best & Less - where each owed $1.9 million, $2.1 million and $5.2 million respectively in backpayments. The governing body also commenced legal action against former shoe retailer Winton Jacob International Pty Ltd - which traded as C de C Shoes.
Meanwhile, The Iconic is also currently navigating unauthorised third-party access that has affected its customers.
Scammers are taking advantage of customers who use the same email and password login across various accounts, where they can log in and purchase items. This is known as ‘credential stuffing’.
The marketplace has recently added an FAQ section to its website explaining the incident.
“These unauthorised third parties know that customers often reuse the same login credentials across multiple websites or platforms,” The Iconic wrote on its website. “Where the compromised email address and password combination was the same as an ICONIC account, unauthorised access may have occurred.”
The Iconic confirmed that customer’s payment details cannot be ‘stolen’ amid the third-party access scam.
The marketplace uses a third-party payment processor, which means that the full credit card number, expiry date and CCV are not stored within customer accounts, or in its systems.
Since the incident came to light, The Iconic has commenced an investigation, onboarding cybersecurity partners and notifying law enforcement authorities including the police, the Australian Cyber Security Centre and the Office of Australian Information Commission.
The investigation remains ongoing, according to The Iconic.
“We are currently working with impacted customers who notify us of unusual activity. We intend to directly contact customers whose accounts may be impacted as we continue to investigate the incident. We will provide specific recommendations to these customers and provide appropriate support.
“Where fraudulent orders have been placed, we will attempt to cancel the unauthorised order prior to shipping. Where fraudulent activity has been identified, we will refund the affected customer.”
The Iconic customers are being urged to change their passwords via a dedicated email address.
“The security of our customer’s information is of the utmost importance to us and we continue to work with our expert cyber security partners to protect against fraudulent activity.”