Kmart Australia has contacted the Australian Federal Police over a security breach that exposed the private details of some customers.
The retailer revealed in a statement that it also engaged IT forensic investigators and contacted the Office of the Australian Information Commissioner (OAIC) over the breach.
Kmart Australia said the details of customers who used its online ordering system had potentially been exposed. The breach included customers' names, email addresses, delivery and billing, telephone numbers and product purchase details.
“No online customer credit card or other payment details have been compromised or accessed,” the retailer's statement said.
“This breach only impacts a selection of customers who have shopped online with Kmart Australia. If customers have not received a message from Kmart Australia regarding this situation they have not been impacted.”
“The OAIC is waiting to receive further information about the incident from Kmart Australia once its own investigation is further progressed,” a spokesperson for the privacy watchdog said.
“We will assess the information Kmart Australia provides to determine whether any additional action is required by the OAIC (in keeping with the OAIC’s Privacy regulatory action policy).”
The OAIC praised Kmart for disclosing the breach to affected customers and for voluntarily notifying the OAIC.
"Notification can be an important mitigation strategy that has the potential to benefit both the organisation and the individuals affected by a data breach," the OAIC spokesperson said.
The government has said it plans to introduce legislation to create a mandatory breach notification regime before the end of the year.
Kmart is facing a backlash on its Facebook page from people who are unhappy that the retailer is not offering a solution to help those whose private information may have been accessed.
"Received the email-- but it fails to describe any action or help they are providing those whose private information has been stolen," one customer posted.
"It only tells us that it has happened. Tells us of the problem, with no hint of a solution- almost as if the solution (for Kmart) is just to let us know it happened. Not really good enough."
"So who gained this access to my details and what is being done about it ? Not impressed at all and will not be shopping with Kmart online again - not good enough !" another customer posted.
A Kmart spokesperson said it was unable to make any further comment at this time as the case is still being reviewed.