Wine lovers’ data in jeopardy as retailer Vinomofo breached

Online wine retailer Vinomofo said threat actors may have accessed users’ personal details such as name and home address.

Australian online wine retailer Vinomofo announced that a company dealt with a cybersecurity incident that resulted in a “third party unlawfully” accessing the company’s database on a testing platform.

The company claims that the breach only affected its testing platform, with no consequences to the Vinomofo website. However, Vinomofo’s platform that hackers penetrated held customer details such as names, gender, date of birth, phone number, home, and email addresses. The data likely belongs to Vinomofo customers who have purchased wine and other products via the company’s online platform.

“Vinomofo does not hold identity or financial data such as passports, drivers’ licenses or credit cards/bank details,” the company said in a statement.

Vinomofo said that the company would not reveal how many of its users were affected as a security precaution. On its website, Vinomofo boasts a user pool reaching over 500,000 members.

The details about how threat actors got into the testing platform were also not revealed. The company only said that the incident happened in the late stages of platform development.

“Vinomofo is at the final stages of a significant upgrade to our digital platform. Given the scale of this upgrade and in line with industry practice, a customer database was used to critically test the platform. This testing platform was not linked to the live Vinomofo website,” the company said.

The last several weeks have witnessed a cybercrime spree in Australia as several major companies were affected by data breaches. In late September, Optus, Australia’s second-largest telecoms provider, was hit by a cyberattack, with millions losing passport and driver’s license numbers.

In early October, Australia’s largest telecommunications company Telstra said that details of 30k of the company’s staff members were leaked.

Last week, IT services provider Dialog, a subsidiary of Optus’ owner Singtel, had its employee data leaked online. The same week, Australia’s large health insurance company Medibank Private reported a cyberattack that forced it to take some of its systems offline.

A few days ago, an online retailer MyDeal, a subsidiary of Australia’s largest company Woolworths Group, said threat actors got their hands on customer data by breaching the company’s customer relationship management (CRM) system.