Customers who used contactless pick up at Bunnings Warehouse may have had their personal information stolen, after a data breach from a third-party provider was revealed. Third-party booking provider Flexbooker detected a major security breach, affecting 3.7 million people worldwide, leading up to the Christmas holidays.
Extent of the Data Breach
It was confirmed by Bunnings Australia that it was affected by the security data breach involving Flexbooker, with Bunnings releasing a statement. They acknowledged that they were aware of the cyber-breach, and assured their customers that their credit card information, passwords, and mobile phone numbers were not collected when using Flexbooker. However, customers full names and email addresses were collected.
The warehouse advised in an email sent out to affected customers: “We do not collect any passwords, credit card data, mobile numbers or any other personally identifiable information from Bunnings customers, so those customers can be assured that no such information was accessed.”
To ensure a security breach doesn’t happen again, Bunnings would be well advised to ensure their third-party tool is secure by:
- Using encryption keys;
- Implementing two-factor authentication; and
- Securing phone and messaging services, to ensure their service is more secure and robust.
Impact of the Breach
Bunnings is working together with Flexbooker to understand how the breach occurred, and are still trying to determine the extent of the impact.
They advised that “Bunnings takes the security of our customers and team members personal information very seriously and will carry out a thorough investigation into this incident.”
Bunnings encouraged its customers to be cautious of any unusual activity in their email accounts and to regularly change passwords “as a precaution”.
For information about how you can implement two-factor authentication across your organisation, and ensure maximum security against cyber-attacks, please contact us.
Author: Mahdi Kobeissi, Cybersecurity Consultant