Incident: Australian Bunnings Customers Appear To Be Caught Up in FlexBooker Breach | Crikey
Australian Privacy Breach,
10 January 2022
Bunnings private customer data exposed in data breach
Names, phone numbers and email addresses have been exposed via a third-party website FlexBooker.
Bunnings customers who used its Drive & Collect service have been told their private information may have been leaked in a data breach affecting a third-party software platform.
Bunnings chief information officer Leah Balter confirmed that customers’ data could be included in the leak. She said said the leak would only include customers’ full name and email address as Bunnings does not collect credit card numbers, phone numbers or passwords when using FlexBooker.
In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. FlexBooker – “On December 23, 2021, starting at 4:05 PM EST our account on Amazon’s AWS servers was compromised.”