Ritchies loyalty program data storage incident
Dear Ritchies’ loyalty program customer
We recently became aware that some customer information held by a third-party supplier associated with our loyalty program had not been stored in line with our usual data security protocols. This data storage issue may have involved some of your basic contact information.
We understand this news may be concerning. We want to assure you that we have found no evidence of any malicious activity or misuse of personal information in relation to this incident.
What happened?
A detailed investigation has confirmed that some basic personal information was potentially accessible.
This incident has only impacted some members of Ritchies’ loyalty program. It does not impact Ritchies’ online shopping provider, Christmas Club program, or any other program affiliated with Ritchies.
We can assure you that no bank or credit card details are involved in this incident.
Ritchies’ systems remain secure as this issue has impacted our third-party supplier only. We have worked with the third-party supplier and secured the storage of the information. The potentially impacted data is no longer accessible.
Impacted Personal Information
Our investigation to date indicates that some of your personal information, provided when you signed up to Ritchies’ loyalty program, may have been impacted. This includes your:
· name; and
· phone number.
We are committed to providing you with the support and assistance you need during this time. A dedicated webpage has been created to inform you of any relevant developments – it can be accessed here: https://www.ritchies.com.au/loyalty-privacy-update
We have also set out guidance below on steps you may wish to take in response to this incident, and support services available to you.
What action has Ritchies taken?
Ritchies has worked with its third-party supplier and secured the storage of this information. The potentially impacted data is no longer accessible. We have also informed the Office of the Australian Information Commissioner (OAIC) of the incident.
We have not detected misuse of any of your personal information, and we are monitoring for any further activity.
Ritchies loyalty program
Ritchies’ loyalty program and system is secure and the program remains an important way we give back to our customers and our community through savings, benefits and donations.
Our community benefit program has facilitated more than $55 million for over 5,000 clubs, schools and charities across Australia. We encourage you to remain a part of our unique community focused loyalty program.
What steps can you take to protect your information?
Please read this communication and the ‘Questions and Answers’ section below. It provides advice on steps you can take to protect your information against potential misuse.
If you have any additional questions, please contact our dedicated support line 1300 420 228.
The security of our customers’ personal information is one of our highest priorities. We take this incident very seriously. We apologise for any concern or frustration this may have caused you and thank you for your understanding.
Questions and Answers
We recommend you remain vigilant against the risk of phishing emails and scams, which are often the most likely risk associated with any unauthorised access to contact information.
Scam calls and phishing emails are becoming increasingly sophisticated and can appear to come from legitimate email addresses or phone numbers with local area codes. They will often claim to be contacting you from a reputable organisation, such as a government entity, bank, or telecommunications agency. They will also create a sense of urgency to try to get you to disclose sensitive information or to elicit funds.
What precautionary steps can I take?
There are some steps you can take to help protect yourself against these scams. We recommend you take the following steps:
Where a third party has accessed your contact information, it is important to:
· be aware of email, telephone and text-based scams. Do not share your personal information with anyone unless you are confident about who you are sharing it with;
· when on a webpage asking for your login credentials, take note of the web address or URL ('Uniform Resource Locator'). The URL is located in the address bar of your web browser and typically starts with https://;
· if you are suspicious of the URL, do not provide your login details. Contact the entity through the usual channels to ensure you are logging into the correct web page. Please note that we will never contact you to ask for your username or password;
· enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media accounts;
· ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts;
· check the strength of your passwords and whether they have been involved in any data breaches on the NSW Government password checker website (this tool can be used by all Australians and is not restricted to those living in New South Wales): https://www.nsw.gov.au/id-support-nsw/passwords; and
· follow the Australian Competition and Consumer Commission's Scamwatch guidance for protecting yourself from scams here: https://www.scamwatch.gov.au/get-help/protect-yourself-from-scams/.
For more information, you can visit the OAIC’s tips for further guidance about protecting your identity: https://www.oaic.gov.au/privacy/your-privacy-rights/tips-to-protect-your-privacy/.
Who can I contact for more information about cyber security?
Additional general resources on identity and cyber security support can be found here:
· https://www.oaic.gov.au/privacy/data-breaches/data-breach-support-and-resources/
· https://www.cyber.gov.au/protect-yourself
· https://www.cyber.gov.au/report-and-recover/have-you-been-hacked
A reminder that a dedicated webpage has been created to inform you of any relevant developments – it can be accessed here: https://www.ritchies.com.au/loyalty-privacy-update