6 December 2018
To our valued guests,
Notice of incident potentially affecting personal information
We wish to notify you of an incident that we have recently been made aware of and have investigated. We value the privacy of our guests and feel it necessary that you should know so you can take steps to minimise any potential risk to your privacy.
We recently became aware that an unauthorised third party had gained access to a secure offsite storage facility and removed archive boxes containing our documents.
After investigation, we believe these boxes may have included documentation containing your personal information and we are keen to help you take steps to protect this.
What personal information was involved in the incident?
We believe the documents may have included your name, contact information (including phone number, email address, home address) and redacted Point of Sale credit card receipt (displaying only the last four digits of the card number) and identification details.
There is a risk that the unauthorised third party may use this personal information to facilitate a phishing call or email attempting to induce you to reveal credit card numbers or other sensitive information. Please be alert for any calls or emails which may appear to come from us and seem genuine, but are actually an attempt to gain access to your information. The calls or emails may ask you for credit card or bank details to facilitate a refund or may request payment of an invoice and provide a link.
We extend our sincerest apology for the inconvenience this may cause you. We wish to reassure you that we take the security and confidentiality of all personal information very seriously. We have taken steps to further strengthen the security measures that protect the documents we store at the secure offsite storage facility
What action have we taken?
Since becoming aware of the incident, we have taken the following steps to reduce the risk to you:
- conducted an investigation and audit to identify the missing documents;
- changed the lock at the secure offsite storage facility;
- implemented stronger processes and procedures around accessing the secure offsite storage facility;
- notified the police;
- notified the Office of the Australian Information Commissioner (OAIC).
What should I do?
It is recommended that you be vigilant about telephone calls, emails and SMS messaging received. When requests for personal information are made by an unexpected caller, it is always best to hang up and (if appropriate) contact the organisation directly on their official number. Be cautious about clicking on links or attachments on email and text communication you are not expecting. Please do your own research and explore alternative contact methods for the sender.
What else can I do?
If you have any concerns, questions or a complaint, please contact our office on the details below and we will assist you as promptly as possible:
Organisation name: Ovolo 1888 Darling Harbour
Phone: +612 8586 1888
Address: 139 Murray Street Pyrmont NSW 2009
If we are unable to resolve any complaint you may have in relation to the handling of your personal information, you may wish to contact the OAIC. The OAIC’s contact details are as follows:
Enquiry line: 1300 363 992
Address: GPO Box 5218, Sydney NSW 2001.