Australian retailer's payment portal compromised, resulting in $6,000 in losses
By Gian T
In the digital age, the convenience of online shopping is undeniable. With a few clicks, we can have everything from the latest gadgets to our weekly groceries delivered to our doorstep.
But this convenience can come at a high price, as one Australian shopper discovered after a retailer's payment portal was hacked, leading to a staggering $6,000 in fraudulent charges on his credit card.
The incident has left many Australians questioning the security of their online transactions and the responsibility of retailers to protect their customers' sensitive information.
The breach, which went unnoticed for an entire year, has exposed the personal data of countless customers, leaving them vulnerable to financial theft and fraud.
Steve, a Melbourne man who fell victim to this breach, shared his frustration and disbelief.
He had purchased a kettle from an online electrical retailer, Stan Cash, using his credit card—a card he had never used online before.
Shortly after, he awoke to a nightmare scenario: his card had been used for unauthorised transactions, including flights, food delivery, and international purchases, totalling around $6,000.
The recovery process was long and arduous, with Steve having to wait for pending transactions to clear before his bank could take action.
When Steve finally received communication from Stan Cash and its sister store, Billy Guyatts, the response was underwhelming.
The email advised customers to remain vigilant for suspicious activity on their credit cards but offered no apology or compensation for the breach.
‘We recommend you remain alert for any suspicious activity on the credit card you used to make the purchase. If you see any suspicious activity, you should contact your financial institution,’ the email read.
‘Stan Cash and Billy Guyatts do not store payment details, and no customer account passwords have been compromised in this breach.’
Steve's attempts to seek acknowledgment and support from the retailer were met with silence, adding insult to injury.
‘I was just angry as I just thought there is no apology, and they were palming off the blame to a third party—that was pretty poor,’ he said.
‘I thought, at the very least, they could have replied to my email and acknowledged it. But they just brushed their hands off it.’
‘It’s such a horrible feeling having fraudulent transactions, especially when it’s a big number like that. It’s your money and your savings, and someone has helped themselves with it.’
The parent company of Stan Cash and Billy Guyatts, BSR Group, expressed regret over the incident and assured that steps were taken to notify affected customers and remediate the breach.
‘After thorough forensic IT investigations, BSR determined the risk period and then took immediate steps to notify and communicate with the potentially impacted customers, whilst simultaneously taking all reasonable steps to remediate the breach,’ a spokesperson for the BSR group said.
‘We promptly notified the OAIC and the Victorian Police and assisted customers who reported potential fraud to be contacted by the Victorian Police who were investigating the incident.’
They also reported the breach to the Office of the Australian Information Commissioner (OAIC) and the Victorian Police.
However, details on the number of impacted customers and the extent of the data accessed were not disclosed.
The OAIC confirmed that BSR Group had complied with the Notifiable Data Breaches scheme.
‘Under the Notifiable Data Breaches scheme, any organisation or agency the Privacy Act 1988 covers must notify affected individuals and the OAIC when a data breach is likely to result in serious harm to an individual whose personal information is involved,’ a spokesperson stated.
Have you ever been a victim of online fraud, and how did you handle it? Share your experiences in the comments to help fellow members stay safe.
Key Takeaways
- An Australian retailer experienced a hack of its payment portal, resulting in the exposure of sensitive customer data and $6,000 worth of fraudulent transactions on one customer's card.
- The breach was disclosed to customers via email, alerting them that their personal information, including credit card details, could be at risk.
- The customer, Steve, expressed frustration with the retailer's lack of apology and accountability and had to endure a stressful period of rectifying fraudulent charges.
- The retailer, owned by BSR Group, notified the Office of the Australian Information Commissioner (OAIC) and Victorian Police and claimed to have taken steps to manage the data breach, deemed compliant by the OAIC.