2.2m MyDeal customers data exposed at Woolworths.
Woolworths says the data of 2.2 million customers of a website it owns has been exposed in a cyber-attack. MyDeal.com.au, a subsidiary of the Woolworths Group, has become the latest company targeted in a string of cyber-attacks across Australia.
The Australian online retail marketplace announced yesterday that data was exposed when its customer relationship management system was accessed by a “compromised user credential” something it said it identified that same day.
Here’s the latest information on the MyDeal cyber-attack breach.
Approximately 2.2 million customers were affected.
The Woolworths Group said that all affected MyDeal customers had now been contacted by email.
It said if you have not received an email, you have not been affected.
In a statement, the Woolworths Group said 1.2 million customers involved in the breach had only had their email addresses exposed.
Customers of Woolworths and Everyday Rewards did not have their data compromised.
What Woolworths information was leaked?
The leaked information includes:
- Names
- Dates of birth
- Phone numbers
- Addresses
The Woolworths Group said MyDeal does not store payment, drivers licence or passport details.
It also said no customer account passwords or payment details were compromised in this cyber-attack breach.
Is anyone investigating the breach at Woolworths?
The Office of the Australian Information Commissioner (OAIC) told the ABC the Woolworths Group had notified it of the MyDeal data breach.
“The OAIC will engage with Woolworths to ensure compliance with the requirements of the Notifiable Data Breaches (NDB) scheme in accordance with our usual process,” it said in a statement.
What is MyDeal doing to help affected people?
MyDeal chief executive Sean Senvirtne said MyDeal would “continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them”.
Woolworths Group also partnered with IDCARE, Australia’s national identity and cyber support community service.
Through this, the company is extending specialist case management support to those most affected, if they have specific issues or questions about how to protect themselves.
So what else can customers do?
the email sent to affected MyDeal customers included the following advice:
- Keep an eye on your accounts, and let the relevant organisation know if you suspect any unusual activity.
- Use caution by not clicking on links or opening attachments to emails or social media messages if you are not sure that they are genuine.
- MyDeal will never send you a text or an email asking for your password to be entered — any communication which does so will not be genuine.