Australia Markets closed

Bunnings customer and staff data exposed

Image: Getty

Australian hardware giant Bunnings Warehouse has apologised for a data breach that saw the personal information of customer and staff exposed on the internet.

The website for information security company Ctrlbox first reported the breach this week, which involved more than 1,194 customer names, email addresses, phone numbers and addresses, plus staff names and login credentials.

“Bunnings has a great deal to learn, especially when contracting out development to have strict guidelines on data security,” wrote Ctrlbox chief Lee Johnstone.

The leaked information came from one particular Bunnings branch, and was exposed as a staff member created an administration tool to send emails out about store events.

After Johnstone contacted Bunnings at the end of January, the company immediately removed the offending database from public view and reported the incident to the Office of Australian Information Commissioner.

“This was a breach of our data policy guidelines,” said Bunnings managing director Michael Schneider in a statement to Ctrlbox.  

“We are sorry that this has happened and would like to reassure our team and customers that we take their privacy very seriously. We are reinforcing our data and privacy policies with our team to prevent something like this happening again.”

Files of exposed Bunnings data. Source: Ctrlbox

He added that all customers and employees that were affected would be contacted. Anyone concerned about their information can contact privacy@bunnings.com.au.

“One thing to take away from this is no matter how big or small of a company you are, when a security incident happens get on to it right away and work along with those who reported it to you, Bunnings did this and got the problem resolved very fast,” wrote Johnstone.

The Bunnings breach followed an incident last month that saw the personal data of thousands of job applicants to Queensland real estate agents leaked on the web, as well as a cache named #collection1 that saw data from more than 30 Australian websites exposed to the public.

Make your money work with Yahoo Finance’s daily newsletter. Sign up here and stay on top of the latest money, news and tech news.

Now read: Soaring childcare fees forcing Aussie parents to stay at home

Now read: The small Italian city that will pay your whole family to move there

Now read: Melbourne nurse takes on Centrelink’s ‘robo-debt’ in landmark case