A
STATEMENT FROM LE CREUSET
NOTIFICATION OF A CYBER SECURITY INCIDENT
30 June 2021
We would like to let you know of a recent cyber security incident that has affected our operations in Australia, New Zealand and Canada. Please read the below if you are, or have been, one of our online customers in Australia, or you are an Australian or New Zealand customer who has registered warranty claims or product replacements.
We take the privacy and security of our customers’ personal information very seriously, and are providing this statement to explain the incident, the personal information that may have been impacted, the measures we have taken in response, and the steps you should consider taking to help protect your information and identity.
ABOUT THE INCIDENT
On 7 June 2021 our IT security systems triggered an alert of a cyber security incident involving unauthorised access of your personal information. We promptly initiated a cyber security response and launched an investigation to determine the nature and scope of the incident. We also engaged a cyber security firm to assist in strengthening our systems, investigating the incident, and identifying any potentially compromised information.
The investigation has determined that an unauthorised third party accessed and acquired data from Le Creuset’s servers between June 4 and June 13, 2021, and that some personal information relating to records of a number of our Australian and New Zealand customers may be affected.
PERSONAL INFORMATION IMPACTED
If you have made a purchase on our website, www.lecreuset.com.au or registered warranty claims or product replacements between 24 June 2011 and 12 June 2021, your personal information may have been affected. We estimate that the personal information of less than 37,000 people in Australia and New Zealand is affected by the cyber security incident.
If you are one of the people affected, we apologise for the concern and inconvenience that this cyber security incident may cause you. We want to assure you that we are doing everything we can to minimise any adverse impact on you and to address the root cause of the incident so we can prevent its reoccurrence.
The personal information affected by the cyber security incident is limited to the name, email address, physical address and telephone number of:
- Australian customers who made online purchases with us through the www.lecreuset.com.au website or registered warranty claims or product replacements between 24 June 2011 and 12 June 2021
- Australian and New Zealand customers who registered warranty claims or requested product replacements between 24 June 2011 and 12 June 2021
We do not store your credit card or payment details and we emphasise that at this stage there is no evidence that any passwords or financial information were compromised by the cyber security incident.
WE ARE TAKING A NUMBER OF STEPS FOR YOUR PROTECTION
We have engaged experienced cyber security experts to assist us in the swift containment of the data breach and we have already stopped the unauthorised export of the affected personal information outside of Le Creuset.
We continue to take additional security measures to stop and mitigate any threats. We are conducting a thorough investigation into the causes of the cyber security incident, so we can take steps aimed to prevent a reoccurrence.
We have already reported the cyber security incident to the Australian Cyber Security Centre. The Australian Cyber Security Centre may then refer our report to the appropriate police jurisdiction for assessment and law enforcement. This helps to disrupt cybercrime operations and we have done this to provide the Australian Cyber Security Centre with the best possible chance to bring the criminals to justice and prevent them from further attacks.
HOW TO GET IN TOUCH WITH US
Again, we apologise for the concern and inconvenience this cyber security incident may have caused you. Should you have any queries about this cyber security incident please contact us at any of the following:
- data.anz@lecreuset.com
- Le Creuset Australia Pty Limited, Suite 4, Level 4, 601 Pacific Highway, St. Leonards, NSW 2065. Australia.
+61 2 9917 1115 (from within and from outside Australia) from 9am until 5pm Australian Eastern, Monday to Friday.
- Le Creuset New Zealand Limited, PO Box 72792, Papakura, Auckland, 2244, New Zealand.
+61 2 9917 1115 (from within and from outside Australia) from 9am until 5pm Australian Eastern, Monday to Friday.
Sincerely,
Michael Scheepers
CEO, Le Creuset EMEA
- We emphasise that at this stage there is no evidence that any passwords or financial information (such as credit card details) were compromised by the cyber security incident.
- However, as a precautionary measure we encourage you to frequently reset the password of your user account with us and encourage you to do so now.
- If you would like further comfort that your financial information is not compromised or misused, we recommend that you monitor your credit card activity or access your credit report from leading credit bureaus.
- Please also be wary that any messages that you receive from Le Creuset, which might look like they are from Le Creuset, may in fact be scam messages. We will never ask you to pay using a money order, pre-loaded money card, or wire transfer or ask you to send us your password over email or phone. If you receive a message asking for this kind of information it will not be from us, and it may be a scam.
- If you receive a suspicious message from someone impersonating Le Creuset, do not provide them with your personal information and please let us know about it. We also encourage you to report any suspicious or fraudulent activity or theft to your local police authority or:
- in Australia: to the Australian Competition & Consumer Commission or;
- in New Zealand: to the New Zealand Department of Internal Affairs or to Netsafe.
- We encourage you to double-check email addresses from incoming emails. Cybercriminals can pose as Le Creuset representatives and ask for your credentials. Do not click on suspicious looking links or download files from unknown sources.
- We also advise you to be on guard by monitoring emails and accounts generally for signs of any activity that you do not recognise.
- Please feel free to check with us directly (using the contact details below) if you are unsure about a message you receive from us.
We realise that a cyber security incident of this nature may cause you concern. We provide the following FAQ’s to assist you in understanding the incident and provide you with practical answers to your questions.
Q: I transacted on the Le Creuset Australia website, is my personal information part of the cyber security incident?
A: Yes, if you transacted online or registered a warranty claim or product replacement between 24 June 2011 and 12 June 2021 some of your personal information is likely to have been accessed by an unauthorised third party.
Q: What was the nature of the personal information affected by the cyber security incident?
A: Names, email addresses, telephone numbers and postal addresses.
Q: I’ve transacted on the Le Creuset Australia website, is my credit card information compromised?
A: No, any credit card transaction information is handled by third party providers using their security systems and this was not included in your personal information held by us.
Q: Is any other financial information included in the personal information which was compromised?
A: No, the personal information relating to you held by us, which was included in the data that was breached, did not include any financial information such as bank account details or tax file numbers.
Q: Is my password still safe?
A: Our expert investigations to date show that passwords were not affected by the incident. However, as a precautionary measure we encourage you to reset it. You should do this often.
Q: What can I do as an additional check to be sure that my financial information is not in the public domain?
A: If you would like further comfort that your financial information is not in the public domain, you should monitor your credit card statements for activity or purchases which look suspicious or access your credit report from leading credit bureaus.
Q: Is there anything else I should do?
A: Please also be wary of any scam messages. Sometimes even unrelated cyber criminals use a cyber security incident to exploit people. We will never ask you to pay using a money order, pre-loaded money card, or wire transfer or ask you to send us your password over email or phone. If you receive a message asking for all kinds of information, it is not from us and it may be a scam. Cybercriminals can pose as Le Creuset representatives and ask for credentials. Do not click on suspicious looking links or download files from unknown sources. Be on guard by monitoring emails and accounts generally for signs of any activity that you do not recognise.
If you receive a suspicious message from someone impersonating Le Creuset, please let us know about it (using the contact details below not just be responding or replying to the potential scam email).
Q: How do I contact Le Creuset?
A: Should you have any queries about this cyber security incident please contact us at any of the following:
- data.anz@lecreuset.com
- Le Creuset Australia Pty Limited, Suite 4, Level 4, 601 Pacific Highway, St. Leonards, NSW 2065. Australia.
+61 2 9917 1115 (from within and from outside Australia) from 9am until 5pm Australian Eastern, Monday to Friday.
- Le Creuset New Zealand Limited, PO Box 72792, Papakura, Auckland, 2244, New Zealand.
+61 2 9917 1115 (from within and from outside Australia) from 9am until 5pm Australian Eastern, Monday to Friday.
