“Bunnings takes the security of our customers’ and team members’ personal information very seriously, and will carry out a thorough investigation into this incident. We are currently working with Flexbooker to further understand how the breach occurred in their systems and the extent of the impact,” the statement continued. “Please be assured that passwords, credit card information and mobile numbers are not collected when using Flexbooker to make a booking with us, and we are confident that none of these categories of customer data have been compromised. “We wanted to let you know that we have recently been made aware of a data security breach experienced by our third-party booking provider, Flexbooker, which may have included the name and email address you provided when selecting a timeslot for a previous Bunnings Drive & Collect order,” the email read.
FLEXBOOKER DATA BREACH 2021 PASSWORD
Password information has been encrypted, and the encryption key was not accessed or downloaded, the business said.ĭespite this, a post from the hacker forum uncovered that the final three digits of credit card numbers may have been taken.īunnings shared an email to its customers in the wake of the breach. FlexBooker has since assured that no passwords or credit card information was uncovered in the breach, but was limited to names, email addresses and phone numbers. The hack in question calls itself ‘Uawrongteam’, and dumped stolen data from FlexBooker to a forum on December 23, 2021. According to the Have I Been Pwned data breach notification service, the FlexBooker attack compromised data of more than 3. FlexBooker is currently used by medical organisations, finance businesses and retailers including Bunnings for appointment reservations, such as Click & Collect. Roughly 3.7 million users may have been exposed to the cyber security breach, prompting FlexBooker to apologise in an email this week. In response to the outage, we worked closely with Amazon to restore a backup, and were able to restore operations within 12 hours.”
“As part of the incident, our system data storage was also accessed and downloaded. “On December 23, 2021, starting at 4:05 PM EST our account on Amazon’s AWS servers was compromised, resulting in our temporary inability to service customer accounts, and preventing customers from accessing their data,” read a statement from FlexBooker. Its Amazon AWS server had been compromised – ‘system data storage was also accessed and downloaded’, the business explained. The data was found being actively traded on a popular hacking forum. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. Drive & Collect customers of the Australian retailer may have had their personal data compromised, as the third-party booking system, FlexBooker, suffered a cyber security breach last year. FlexBooker: In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts.
0 kommentar(er)
