Some Bunnings customers have been caught up in a data breach affecting more than 3 million accounts through online booking system FlexBooker, used by companies around the world.
One customer was unhappy to find out from a third-party website, Have I Been Pwned , and not Bunnings that his data had been taken. Other customers said on social media they were also victims of the data breach.
The customer, who did not want to be named for professional reasons, said he got an alert on January 6 about the breach which happened in December.
Bunnings used FlexBooker for click and collect orders, and the customer had used it last October during a Covid lockdown.
He had started receiving a lot of scam text messages about parcels and a random phone call from the United States, and said “the spam going through my inbox has just gone through the roof”.
“The fact that’s my data that I’ve given to them for one purpose, and it’s now been lost, so [it is] super frustrating that they’re not taking the proper care there to make sure that data’s being looked after especially in this day and age.
“And when you look at Bunnings, you think that a lot of their customers aren’t necessarily going to be tech natives so getting a phone call like this, they might be quite vulnerable to scams.”
He had signed up to website Have I Been Pwned a few years ago, and this was the first alert from them.
As a result of the breach he was forced to change his email address, he said, and was considering whether to change his phone number.
“My phone’s just blown up by these text messages all the time, and I’m basically scared to open up my phone now because it’s like, what’s going to be coming at me now?”
He was also concerned about whether his data was safe now, and if he was vulnerable to identity theft..