Harvey Norman apologises to customers for data breach

Names, email addresses and phone numbers ‘may have been compromised’, firm says

No sensitive personal data such as customers’ payment data, bank details or passwords was involved in the data breach, Harvey Norman said. Photograph: Cyril Byrne
No sensitive personal data such as customers’ payment data, bank details or passwords was involved in the data breach, Harvey Norman said. Photograph: Cyril Byrne

Home and lifestyle retailer Harvey Norman has apologised to customers after suffering a data breach through the systems of a third-party website service provider.

Harvey Norman operates 13 outlets in the Republic and two stores in Northern Ireland. Its 13th store in the Republic was opened last year after it acquired a 60,000sq ft facility in Tallaght’s Airton Retail Park.

The company wrote to customers on Tuesday warning that names, email addresses, and telephone numbers “may have been compromised”.

"We wish to alert you to a data breach that has occurred in the systems of a third-party website service provider, Typeform, which has resulted in the unauthorised access to some Harvey Norman data," it said.

READ SOME MORE

Typeform provides survey and online form software which is used on Harvey Norman’s website.

On Monday, London’s famous upmarket food store Fortnum & Mason said about 23,000 of its customers had been contacted over a data breach at Typeform.

In its letter to customers on Wednesday, Harvey Norman said names and email addresses had also been affected.

“As a result of this breach some of your personal data may have been compromised,” it said. “This data includes your name, email address and your telephone number.

“No sensitive personal data such as payment data, bank details or passwords are involved.”

The letter said the company was notified of the breach on June 29th and informed the Office of the Data Protection Commissioner.

“Typeform has assured us they have taken all of the necessary steps to secure the data they hold and we have instructed them to delete all personal data belonging to our customers from their systems immediately,” Harvey Norman said.

“We recommend that you take some additional measures in the management of your emails to identify any phishing or scam emails.

“In particular, if you receive any email from Harvey Norman asking for payment, a credit card number or any other confidential information, do not answer and contact us immediately.

“Harvey Norman understands that the safety and protection of the personal information you provide us with is of the utmost importance. We take the protection of that information very seriously and we are very sorry to have to notify you of this situation.”

Colin Gleeson

Colin Gleeson

Colin Gleeson is an Irish Times reporter