Kmart Australia’s online operations have been hacked. The hacking, which has seen customers' personal contact details being handed over to unknown cyber attackers, is being euphemistically called an external data breach by the company.

"Kmart Australia understands that the safety and security of customer's personal information is important and has engaged leading IT forensic investigators to thoroughly review this matter fully," an email to affected customers says.

A statement from the company says the breach "only impacts a selection of customers who have shopped online with Kmart Australia," and that all customers that had been affected had been contacted directly.

"If customers have not received a message from Kmart Australia regarding this situation, they have not been impacted," the statement says.

Kmart in Australia is owned by Wesfarmers and unrelated to the Kmart in the US.

A statement on the company's website says:

“Kmart Australia is urgently addressing an external privacy breach of its customer online product order system that was experienced yesterday (29 September).



“The breach included customers’ identity (name), email address, delivery and billing address, telephone number and product purchase details. No online customer credit card or other payment details have been compromised or accessed.



“Yesterday, an email was sent directly to those customers whose details were accessed to inform them of this situation and Kmart Australia has posted details of the breach on its social media pages.



“This breach only impacts a selection of customers who have shopped online with Kmart Australia. If customers have not received a message from Kmart Australia regarding this situation they have not been impacted.



“As soon as Kmart Australia was made aware of this breach, immediate action was taken to stop any further information being accessed. The safety and security of customer’s private information is a priority for Kmart Australia. Kmart Australia has engaged leading IT forensic investigators and has contacted the Office of the Australian Information Commissioner and Australian Federal Police to thoroughly review this matter. Kmart Australia is unable to make any further comment at this time.



“Kmart Australia sincerely apologises for any inconvenience this incident has caused and if any customers are concerned they can contact Kmart Australia on 1800 124 125.”

Sieng Chye Oh, malware researcher at digital protection company ESET, commented: “As email addresses and contact numbers have been leaked, affected customers should be wary of any emails or phone calls they receive. Cybercriminals may use the disclosed information to trick customers into revealing further information to gain access to valuable profiles and accounts. This is commonly known in the industry as social engineering.

“Kmart have not made it clear if any passwords were stolen in the breach. If passwords were stolen, cybercriminals will likely use the credentials to target other sites such as social networks, email accounts, and others. To stay safe, any customers that shop online with Kmart should change their password for this site and all others, especially those who use a single password for multiple online accounts.”