Good Guys Retailer Alerts Customers of Potential Data Breach

Have the Bad Guys done a number on the Good Guys?

The Good Guys has become the latest company to reveal that its customers have been affected by a data breach that occurred at My Rewards – a 3rd part loyalty program provider.

The breach, which occurred in August 2021, exposed limited customer data such as names, addresses, phone numbers and email addresses. In some cases, an encrypted password and date of birth were also leaked.

The breach only affected Good Guys customers who were part of its Concierge loyalty program. The JB Hi-Fi-owned retailer has since emphasised that no personal identity documents or financial information such as driver’s licence, passport or credit card data was involved in the breach.

The Good Guys is no longer a My Rewards customer, and all My Rewards accounts linked to Concierge member benefits have been closed. My Rewards apparently no longer holds any personal information of Concierge members.

It’s important to now that this in-fact is not the first time that My Rewards has been linked to a data breach, with Telstra and NAB among some of the users impacted by a platform breach reported last year.

18 months…

Under the Privacy Act 1988, organisations are required to take all reasonable steps to assess a suspected data breach within 30 days of becoming aware of it. However, this 30-day window is only applicable to suspected data breaches and should not be seen as authorisation to not report for 30 days. The Australian Information Commissioner recommends that organisations use the 30-day period as the maximum timeframe to complete an assessment, and attempt to finish the assessment in a shorter time period when possible.

Given these conditions, it begs the question as to why it’s taken up 18-months for individuals that have been affected by the data breach to be made aware that there personal information may have been stolen…