Big W customer data leaked due to printer repair mishap
Thursday, December 20, 2018/
A Big W worker accidentally leaked the personal information of 32 people earlier this year when repairing a printer for a customer, Office of the Australian Information Commissioner (OAIC) disclosures reveal.
The Woolworths-owned discount department store has admitted to an extraordinary instance of human error where an employee enclosed confidential information within a pile of test print-outs provided to a customer to show their printer was fixed.
The document contained the names, addresses and a form of ID for over two-dozen people.
“Woolworths was made aware that a member of the public had inadvertently been provided with a printed copy of an internal confidential document by Big W,” the OAIC disclosure reads.
“The member of the public shared this document with [name redacted] who contacted Big W.”
Woolworths said it has been unable to recover the information as the customer in question has not been willing to engage with Big W.
Woolworths requested additional information about the data breach be kept confidential because “it contains information regarding BIG W’s business processes and identify and role of individuals involved”.
In a statement, a Big W spokesperson said it informed the affected customers of the breach in May, and notified the OAIC within the required time frame.
“We deeply regret this happened and have apologised to each customer personally,” the spokesperson said.
“Following the event, we updated our store policies and team training on data protection across all BIG W stores so that an error like this will not occur in the future.”
The Big W breach is just one of the leaks Woolworths has disclosed to the OAIC in recent years, with a malicious Woolworths Rewards data breach from earlier this year also featuring.
Physical data breaches “more prevalent than we believe”
No financial information was compromised in the leak, but Andrew Bycroft, chief executive of the International Cyber Resilience Institute, says the breach showcases that information security is not just digital.
“It’s more prevalent than we believe,” he tells SmartCompany.
“A lot of this goes unreported because it’s not considered a data breach.”
Bycroft says the prevalence of digital data breaches has resulted in information security being lumped in with digital technology in recent years, which is dangerous.
“One of the common ones is people disposing of information in the garbage instead of shredding it.
“The other one as well that tends to happen is people printing documents and reading them on the train — everyone has a smartphone these days,” he says.
Be honest about your situation: How vulnerability helps businesses thrive Sue Parker DARE Group founder
Own it: The 10 things you need to do to manage your personal brand Lisa Stephenson Who Am I Projects founder
Six invaluable lessons: What 20 years in aged care taught me about being an entrepreneur Natasha Chadwick NewDirection Care founder
An entrepreneurial superpower: Eight tips to help develop resilience Adala Bolto ZADI Training co-founder
Going through a lull? Five areas you should invest in when sales drop Tamara Alaveras and Sonia Majkic 3 Phase Marketing co-founders
Stop telling us how busy you are, it's boring and charmless Ian Whitworth Scene Change co-founder
Blandification™ and the state of modern branding Jeffrey Oley The Offices co-founder
Why you should find the right role for the right person — not the other way around Bruce Stronge Outfit founder