Australian high-falutin retailer David Jones has become the second in two days to admit to a data breach of its retail systems.
DJ's statement is remarkably similar in its substance to Kmart's: like the down-market chain, DJs says “The information obtained was restricted to customer name, email address, order details and mailing address.”
So, only sufficient for identity theft, rather than a straight-out card theft.
Passwords were not obtained, the retailer says, and credit card information is passed off to the bank and not stored by DJs.
The company has reported the breach to the Office of the Australian Information Commissioner and the AFP.
The attackers hit DJs on September 25, the statement says.
As the following screengrabs from Netcraft show, both retailers had this in common: they use the IBM WebSphere retail platform.
Kmart's Netcraft report
...And DJs. Spot the difference
The Register has contacted IBM to ask whether its WebSphere platform was the weak point in the attacks. ®