Picture this. You’re at a Gourmerican burger joint chomping a cheeseburger, when an outspoken vegan friend starts preaching that you’re killing the planet. Last week, that same vegan downed a pricey glass of pinot before their flight to a far-flung destination, armed with their strongest mossie repellant and first aid kit. Anything amiss?
Woolworths has apologised to customers following a gift card breach worth more than $1 million that saw nearly 8000 customer records containing names and email addresses leaked to other consumers.
The breach occurred after online discount site, Groupon, offered consumers a deal to buy BigW $100 and $200 gift vouchers at a 7.5 per cent discount last week. Nearly 8000 vouchers worth $1.3m were sold as part of the deal, according to a SMH report.
Customers who purchased the gift cards via Groupon were to be sent an email with a PDF attachment of their electronic voucher. However, according to the story posted on the SMH, when some customers opened the attachment, they found the spreadsheet containing the links to over $1 million worth of vouchers.
It is understood the attachment was emailed to more than 1000 other consumers, allowing them to not only access the gift card codes and begin shopping, but also see other consumers’ names and email addresses. The SMH quoted several customers who had paid for the vouchers via the Groupon site, and who said their gift cards had already been used in stores by other consumers.
In a statement to CMO today, Woolworths confirmed the vouchers had been cancelled and new ones issued to customers. The supermarket giant also reiterated its commitment to customer data security and apologised for the “technical fault”.
“Woolworths takes the concerns of its customers and data security seriously,” the statement read.
“On Saturday we were alerted to a technical fault with an e-gift card offered to customers. These e-gift cards have been cancelled and affected customers have been provided with new e-gift cards for use in-store.
“Woolworths apologises for the inconvenience this has caused our customers.”
A spokesperson for the Office of the Australian Information Commissioner said it is aware of the incident and has approached Woolworths for further information.
"We will assess the information provided by Woolworths to determine what further action may be required," it said in a statement to CMO.
"If people affected by this incident have any concerns about their personal information, they should contact Woolworths in the first instance. If they are not satisfied with any response they receive they can contact our enquiries line on 1300 363 992 to get more information about how the Privacy Act might apply and how they can make a complaint."
According to the Groupon website, more than 9100 electronic gift cards valued at $100 and $200 were purchased as part of the deal, with consumers purchasing up to 10 at a time. The vouchers were sold at a 7.5 per cent discount and could be used in Big W stores nationally.
Follow CMO on Twitter: @CMOAustralia, take part in the CMO Australia conversation on LinkedIn: CMO Australia, join us on Facebook: https://www.facebook.com/CMOAustralia, or check us out on Google+: google.com/+CmoAu