Bunnings has been caught up in a data breach and may have had personal information about its customers exposed.
US-based scheduling platform FlexBooker, which Bunnings uses to power part of its ‘Drive & Collect’ service, was breached in late December and saw 3.7 million users’ information leaked.
Bunnings’ chief information officer Leah Balter confirmed that its customers’ data could be included in the leak, but that it would only involve customers’ name and email addresses, as the business doesn’t collect passwords, credit card numbers, or phone numbers when using FlexBooker.
“As soon as we were made aware of the breach, we reached out to customers whose data may have been accessed,” Balter said.
“We’re continuing to work with the third-party provider to further understand the details of how this breach occurred, and the processes being put in place to correct it, and we’re reaching out directly to any customers whose name or email may have been accessed.
“Bunnings takes the security of our customers’ and team members’ personal information very seriously, and will carry out a thorough investigation into this incident.”
According to ZDnet, personal information of users of FlexBooker, such as passwords, partial credit card numbers, and email addresses, appeared on a popular hacking forum.