In a significant data breach, Australian supermarket chain Woolworths mistakenly emailed out a spreadsheet with the personal details of thousands of customers, as well as the redeemable codes of 7,941 gift cards.
The release of the gift card codes — valued at A$200 and A$100 each and purchased last week by customers on deals website Groupon — meant anyone who received the codes could immediately begin to shop online and in store.
Discovered Saturday morning, the incident occurred when an email was sent in error to around 1,000 people with an Excel spreadsheet attached. The details reportedly leaked in the attachment included customer names and email addresses, as well as gift card codes worth up to A$1,308,505.
Many customers realised their cards had already been spent when they went to shop or check their balance Saturday morning.
One customer named Luke, who did not provide his last name, told the newspaper a portion of his 10 gift cards — worth A$1900 total — was gone. “One of my gift cards had been used for online shopping already. Another one had been used in store at Woolworths Parramatta,” he said. “Hopefully my email address doesn’t end up somewhere where it permanently gets lots of spam.”
Customers were sent an email by Woolworths Saturday evening, saying the cards had been cancelled.
“Woolworths takes the concerns of its customers and data security seriously,” a Woolworth spokesperson told Mashable Australia. “On Saturday we were alerted to a technical fault with an e-gift card offered to customers. These e-gift cards have been cancelled and affected customers have been provided with new e-gift cards for use in-store. Woolworths apologises for the inconvenience this has caused our customers.”
Shopping chains worldwide have suffered significant data breaches in recent years. A hack at Target in the U.S. in 2013 affected around 40 million credit and debit cards, while some estimates found the personal information of up to 110 million people was also potentially leaked.