Australian retailer’s customer data exposed in breach


The Good Guys, a consumer electronics chain in Australia, had its customers’ sensitive data leaked in a third-party breach.

The Australian firm said its former third-party supplier, Pegasus Group Australia, now known as My Rewards, informed the company about the breach in February 2023.

My Rewards provided reward services for Good Guys’ loyalty program Concierge. The company administering the loyalty program stored user data such as names, addresses, phone numbers, and email addresses.

ADVERTISEMENT

The Good Guys claims that Concierge members who created a My Rewards account might also have their encrypted password exposed. However, the company assured its customers no IDs or financial data were exposed in the breach.

Worryingly, the company said My Reward believes the breach occurred in August 2021, giving attackers ample time to sell and abuse the stolen data. The company said it was “directly contacting Concierge members who may have been impacted by the My Rewards data breach.”

It added: “The nature of the specific information involved for each affected individual is set out in the communication that the individual receives from The Good Guys.”

Reports by Australian media claim that the company has reached out to 325,000 Concierge members who had set up a My Rewards account and additional 1.5 million customers whose details might have been exposed regardless.

“The Good Guys is extremely disappointed that My Rewards, a former services provider, has experienced this breach and we apologise for any concern that this may cause,” the company said.

Australia has experienced a wave of major cyber attacks and data breaches in recent months. First, threat actors stole data from Australia’s second-largest telecoms provider Optus.

Later, attackers targeted Australia’s largest health insurer Medibank, the country’s largest telecoms company Telstra, IT services provider Dialog and Woolworths subsidiary in Australia, MyDeal.

ADVERTISEMENT

The government responded by forming a hundred-strong squad for combating cybercriminals. Australia is flirting with the idea of taking over the IT systems of breached companies to better manage the fallout from cyberattacks.