A Big W worker accidentally leaked the personal information of 32 people earlier this year when repairing a printer for a customer, Office of the Australian Information Commissioner (OAIC) disclosures reveal.
The Woolworths-owned discount department store has admitted to an extraordinary instance of human error where an employee enclosed confidential information within a pile of test print-outs provided to a customer to show their printer was fixed.
The document contained the names, addresses and a form of ID for over two-dozen people.
“Woolworths was made aware that a member of the public had inadvertently been provided with a printed copy of an internal confidential document by Big W,” the OAIC disclosure reads.
Get daily business news.
The latest stories, funding information, and expert advice. Free to sign up.
“The member of the public shared this document with [name redacted] who contacted Big W.”
Woolworths said it has been unable to recover the information as the customer in question has not been willing to engage with Big W.
Woolworths requested additional information about the data breach be kept confidential because “it contains information regarding BIG W’s business processes and identify and role of individuals involved”.
In a statement, a Big W spokesperson said it informed the affected customers of the breach in May, and notified the OAIC within the required time frame.
“We deeply regret this happened and have apologised to each customer personally,” the spokesperson said.
“Following the event, we updated our store policies and team training on data protection across all BIG W stores so that an error like this will not occur in the future.”
The Big W breach is just one of the leaks Woolworths has disclosed to the OAIC in recent years, with a malicious Woolworths Rewards data breach from earlier this year also featuring.
Physical data breaches “more prevalent than we believe”
No financial information was compromised in the leak, but Andrew Bycroft, chief executive of the International Cyber Resilience Institute, says the breach showcases that information security is not just digital.
“It’s more prevalent than we believe,” he tells SmartCompany.
“A lot of this goes unreported because it’s not considered a data breach.”
Bycroft says the prevalence of digital data breaches has resulted in information security being lumped in with digital technology in recent years, which is dangerous.
“One of the common ones is people disposing of information in the garbage instead of shredding it.
“The other one as well that tends to happen is people printing documents and reading them on the train — everyone has a smartphone these days,” he says.