Australia’s Woolworths Group Ltd’s majority-owned online retailer MyDeal said a “compromised user credential” ended up exploited Friday to access its systems that left 2.2 million users exposed.

News Down Under has not been good of late because this attack comes a week or so after the country’s second-largest mobile phone operator Optus suffered a breach that compromised data of up to 10 million of its customers, triggering a change in the country’s consumer privacy rules. Police did make one arrest in the Optus attack.

The latest cyberattack follows two other instances since Optus – a “small breach” at Australia’s largest telecommunications firm Telstra Corp Ltd and health insurer Medibank Private detecting unusual activity on its network, according to a Reuters report.

MyDeal’s exposed customer data includes names, email addresses, phone numbers, delivery addresses, and in some instances date of birth of the customers, the Sydney-based retailer said in an advisory.

It further clarified that MyDeal’s website and application were not impacted, and none of the other platforms of Woolworths group were compromised.

Schneider Bold

MyDeal, owned 80 percent by the top grocer, said it was contacting the affected customers and working with authorities to investigate the incident.

MyDeal is in the process of contacting the 2.2 million affected customers by email. Customer not contacted have not had their details accessed in the breach, officials said.

“We apologize for the considerable concern that this will cause for our affected customers,” said MyDeal Chief Executive, Sean Senvirtne. “We have acted quickly to identify and mitigate unauthorized access and have increased the monitoring of the networks.”

Woolworths Group’s cybersecurity and privacy teams are fully engaged and working closely with MyDeal to support the response,” said Woolworths Group Chief Security Officer, Pieter van der Merwe.

No further information was immediately available on the breach.


Pin It on Pinterest

Share This