The Australian supermarket chain Woolworths recently canceled more than $1 million in gift cards after a spreadsheet containing data on almost 8,000 of the cards was mistakenly sent to over 1,000 people, The Sydney Morning Herald reports.
Instead, some customers received an Excel spreadsheet containing information on 7,941 cards worth a total of $1,308,505.
One customer, Luke from Perth, Western Australia, told the Herald he quickly realized other people had received the same information, and that the cards were being used inappropriately. “One of my gift cards had [been] used for online shopping already,” he said. “Another one had been used in store at Woolworths Parramatta.”
Another customer told the Herald he tried to use his gift cards to pay for groceries at a Woolworths store, only to be accused of stealing them. “They took my money from my credit card and told me I was using stolen cards,” he said. “I could not take the trolley of groceries home as I did not have enough money to pay.”
All affected customers were notified by email on Saturday that the gift cards had been canceled.
The company wouldn’t provide the Herald with details on how the data breach occurred or how many customers were affected, but stated, “Woolworths takes the concerns of its customers and data security seriously. We experienced a technical fault with an e-voucher offered to customers this week. We are working to resolve the issue and are assisting customers.”
“Securing your network is one thing,” FinalCode CEO Gord Boyce told eSecurity Planet by email. “Keeping your files secure outside that network is quite another.”
“Woolworth reminds us that protecting yourself from human error is just as important as protecting yourself from hackers and malware,” Boyce added.
A survey conducted last year by Workshare found that 68 percent of professionals have exposed their companies’ confidential information by failing to remove hidden data from documents they share, even though 65 percent say it’s their responsibility to ensure that sensitive company data is not leaked.