David Jones is the second retailer to announce a security breach in as many days, admitting on Friday that a third party exploited a vulnerability in its website to extract information about some customers.
This follows Kmart Australia’s announcement yesterday that it had suffered a breach of its online product order system.
David Jones said that information – stolen on September 25 – was restricted to customer names, email addresses, order details and mailing addresses.
“David Jones do not store any credit card information or financial information on its website. There is no indication that the information has been misused in any way,” the retailer said.
David Jones said that once it learned of the incident, it moved swiftly to prevent further access and the retailer has alerted affected customers, the Australian Federal Police and the Office of the Australian Information Commissioner.
“The vulnerability which was used to access the data has been shut down. We are now working with cyber security experts and the Australian Federal Police to full investigate the matter.
“David Jones takes its customers’ privacy very seriously. We use security procedures to protect our customers’ information when using our online store. We also believe in the importance of being open and transparent with our customers.
“We confirm that it is not necessary for you to take any action regarding your credit or other payment cards,” the retailer said.