Cyber Incident Victim: David Jones

In October 2015, Australian retailer David Jones disclosed a cybersecurity breach involving unauthorized access to its computer systems. The company notified customers via email on the morning of October 2 that attackers had exploited a vulnerability in its website, resulting in the theft of personal customer information. Compromised data included names, email addresses, and physical addresses, though the retailer confirmed no credit card details, financial information, or passwords were accessed. David Jones detected the intrusion shortly before its public disclosure and implemented immediate containment measures to prevent further unauthorized activity. The breach occurred amid heightened cybersecurity concerns in Australia's retail sector, coming just one day after Kmart Australia announced its own customer data theft incident. David Jones declined multiple media interview requests and did not disclose the number of affected customers or the specific timeframe of the intrusion beyond confirming its recent discovery.

The retailer proactively warned customers about potential follow-up attacks using the stolen personal information, advising against sharing financial details via unsolicited phone calls or emails. David Jones formally reported the incident to Australia's Privacy Commissioner as part of mandatory data breach notifications. The Office of the Australian Information Commissioner acknowledged receiving the notification but stated it required further details from David Jones before determining whether to initiate an independent investigation. This incident contributed to a significant increase in reported data breaches during the 2014-15 financial year, as noted by the Privacy Commissioner's office. The company maintained operational continuity throughout the incident while facing public scrutiny over its cybersecurity practices alongside other major retailers experiencing similar breaches during this period.