Woolworths data breach

21 July 2015
Tags: statement

Woolworths data breach – finalisation of enquiries

21 July 2015

The OAIC made enquiries to Woolworths about an incident in which it unintentionally emailed eVoucher details to 400 customers. Woolworths advised the OAIC that the cause was a fault in an automated system.

In addressing the breach, Woolworths advised the OAIC that it responded to the breach by identifying the cause of the incident, cancelling and re-issuing all affected vouchers and rectifying the fault. Woolworths also advised that it provided affected customers with prompt notification of the incident, an explanation, and an apology.

The OAIC was satisfied that Woolworths handled this incident appropriately, and as such, we do not intend to take any further action in relation to this matter. However, the OAIC may conduct further enquiries if complaints are received from people who have been adversely affected.

In approaching data breaches that are notified to the OAIC by the affected organisation, the OAIC initially makes enquiries to confirm that the organisation involved is appropriately handling the breach to protect the personal information of affected individuals and prevent a recurrence. Depending on the response from the organisation, the OAIC will then determine what further action, if any, it needs to take in relation to the matter.

Woolworths data breach

1 June 2015

“The Office of the Australian Information Commissioner (OAIC) is aware of media reports of an incident in which Woolworths allegedly emailed gift card details to a large number of customers. The OAIC has approached Woolworths for further information. We will assess the information provided by Woolworths to determine what further action may be required.

If people affected by this incident have any concerns about their personal information, they should contact Woolworths in the first instance. If they are not satisfied with any response they receive they can contact our Enquiries line on 1300 363 992 to get more information about how the Privacy Act might apply and how they can make a complaint.”

Timothy Pilgrim — Australian Privacy Commissioner

Was this page helpful?

Thank you.

If you would like to provide more feedback, please email us at websitefeedback@oaic.gov.au