Woolworths is the latest brand to face a data leak, with the supermarket giant unwittingly sending more than $1 million worth of shopping vouchers to people who had purchased vouchers from the deals site, Groupon.
The Sydney Morning Herald reported yesterday that Woolworths mistakenly emailed the redeemable codes of 8000 gift cards containing the customers' names and email addresses. The email reportedly contained an excel spreadsheet with the details of thousands of customers and a downloadable link to 7,941 vouchers, worth a total of $1,308,505.
The vouchers were redeemable at Woolworths online and in-store, Big W stores, and Caltex petrol stations, and as soon as the email hit inboxes people started spending, and not just their own vouchers.
Woolworths was quick to rectify the situation with the cards quickly being cancelled and reissued.
A spokesperson for Woolworths said in a statement: “Woolworths takes the concerns of its customers and data security seriously.
“On Saturday we were alerted to a technical fault with an e-gift card offered to customers. These e-gift cards have been cancelled and affected customers have been provided with new e-gift cards for use in-store. Woolworths apologises for the inconvenience this has caused our customers”
CEO for ADMA (Association of Data-Driven Marketing and Advertising), Jodie Sangster, said that while it's a fact of doing business that data may be accessed, it is important for a brand to do all they can to secure their data.
“It's a legal requirement,” Sangster told AdNews. “They [brands] also need to make sure that they have procedures so that if it does happen they can respond to it quickly.”
Sangster explained that dependant on the information being dealt with by the brand, there are different levels of protection needed and she said that in the Woolworths case it appears the brand has followed best practise to ensure that both the situation was quickly rectified and that customers knew what was going on.
However there is still a certain level of brand damage that occurs when any data is leaked.
“It all comes down to transparency and making sure that you can be seen to be taking all the right steps to not only mitigate what ever happened, but also put in place further procedures to stop it happening again,” she said.
“It's not ideal for brands but the more they can do to show that data protection is important, the better, and that's not just after a data breach but that's all the time. Moving forward for brands the brands that are proactive about this and are proactive about transparency and proactive about consent are going to be the brands that differentiate themselves into the future as data becomes more prevalent.”
Have something to say on this? Share your views in the comments section below. Or if you have a news story or tip-off, drop us a line at email@example.com