Bunnings Drives and Collects Data from Customers Caught in FlexBooker’s Amazon Cloud Security Breach | Canberra weather

news, breaking news, Bunnings, Amazon, COVID, FlexBooker

Bunnings customers using the company’s COVID-triggered training and collection service may have seen some of their personal data exposed after the software company behind the service suffered a major security breach that resulted in affected 3.7 million people worldwide. Online booking platform FlexBooker said that on December 23, its account on Amazon’s cloud platform was dialed after accessing and downloading its data storage. In an “incident alert”, FlexBooker said it worked to restore a backup within 12 hours. “After working more with Amazon to understand what happened, we learned that a certain set of data, including personal information of some customers, was accessed and downloaded,” he said. This included first and last names, email addresses and phone numbers. “The data viewed did not include credit card numbers or other payment cards,” he said. In an email to customers on Wednesday afternoon, Bunnings said he was recently made aware of the violation, which may have “included the name and email address you provided when selecting ‘a time slot for a previous drive and pick up order from Bunnings’. “We take the privacy and protection of customer information very seriously and sincerely regret that this has happened,” the email read. Bunnings assured customers that “passwords, credit card information and cell phone numbers are not collected when using Flexbooker to make a reservation with us”. “We are confident that none of these categories of customer data has been compromised.” The email goes on to say that Bunnings “is currently working with FlexBooker to better understand how the breach occurred in their systems and the extent of the impact.” “We are directly contacting all customers whose name or email address has been found,” the company said. Bunnings said that while customers were not required to take action, they were encouraged as a precaution to “watch out for any unusual activity in their email accounts and change passwords regularly to improve security.” in line “. “At Bunnings, protecting your personal information is our top priority,” he said. The company’s chief information officer, Leah Balter, said they would “conduct a full investigation into this incident.” Bunnings, who introduced the collection and collection service in April 2020 at 250 stores across Australia in response to COVID, said he had notified the Office of the Australian Information Commissioner (OAIC). READ MORE: A spokesperson for CATO said they couldn’t speak to specific cases, but expected “any organization responding to a data breach involving personal information to act quickly to contain the incident and assess the potential impact on the people concerned ”. “If this is likely to result in serious damage and the organization is covered by the Privacy Act, it should notify those affected and the CATO as soon as possible,” the spokesperson said. word. The CATO received 446 notifications of data breaches under the mandatory Notifiable Data Breaches program from January to June 2021. Forty-three percent of these breaches were the result of cybersecurity incidents. “Organizations must be proactive in protecting personal information and preventing these breaches,” the spokesperson said. “We advise individuals to respond quickly when notified and take appropriate action, such as changing passwords, checking accounts and credit reports, and watching out for scams.” Australian security expert Troy Hunt, who runs the Have I Been Pwned website, tweeted that 3.7 million accounts were breached and partial credit card data was also taken. A FlexBooker spokesperson confirmed this report to ZDNet, saying the last three digits of the card numbers were included in the violation, but no other data. FlexBooker, which also serves other industries including healthcare and the arts, was contacted for further details of the violation. In his incident alert, he also said that customer passwords included in the data were encrypted and the encryption key was not viewed or downloaded. He has since restored the security of his account and “will continue to work with Amazon to maintain security.” Our reporters work hard to provide local and up-to-date news to the community. Here’s how you can continue to access our trusted content:

/images/transform/v1/crop/frm/130009714/96fd12cb-dd61-479d-b088-66e0c014da5b.jpg/r1_90_1029_671_w1200_h678_fmax.jpg

Leave a Comment