Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Kmart Australia data breach

1 October 2015

Kmart Australia notified the Office of the Australian Information Commissioner (OAIC) of a data breach on 29 September 2015.

The OAIC is waiting to receive further information about the incident from Kmart Australia once its own investigation is further progressed. We will assess the information Kmart Australia provides to determine whether any additional action is required by the OAIC (in keeping with the OAIC’s Privacy regulatory action policy).

The OAIC is encouraged to see that Kmart Australia has notified affected individuals, and voluntarily notified the OAIC about this incident. Notification can be an important mitigation strategy that has the potential to benefit both the organisation and the individuals affected by a data breach. The OAIC strongly encourages notification in appropriate circumstances as part of good privacy practice. In 2014–15, the OAIC received 110 voluntary data breach notifications, a 64% increase on the previous year.