© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

2.2M Woolworths MyDeal customer details exposed in a hack


Woolworths subsidiary in Australia, MyDeal, had its customer data stolen. Threat actors are allegedly selling the details for a few hundred dollars.

Online retailer MyDeal, a subsidiary of Australia's largest company Woolworths Group, said threat actors got their hand on customer data by breaching the company's customer relationship management (CRM) system.

Threat actors accessed names, email addresses, phone numbers, and delivery addresses. However, MyDeal claims that most clients had their email addresses exposed. According to the company, no payment details were exposed in the breach.

Australia's cyber watchdog, the Office of the Australian Information Commissioner (OAIC), confirmed the breach and said it is working with Woolworths Group to notify all the users affected by the hack.

Woolworths Breach
Threat actors claim they're selling the MyDeal data. Image by Cybernews.

"Following a breach, individuals need to be alert to scams and any suspicious or unexpected activity on their personal accounts or devices," OAIC said in a statement.

Only a day after the OAIC issued the warning to beware of scams, threat actors supposedly posted the MyDeal leak on a popular hacker forum, selling the data for $600.

Threat actors claim that the information was obtained on October 10, and the dataset includes sensitive information such as user emails, name and surname, postcode, home, and billing addresses. Scammers often use this type of data to carry out phishing attacks.

Woolworths Group is Australia's largest retailer, with over 215k employees.

The last several weeks have witnessed a cybercrime spree in Australia as several major companies were affected by data breaches. In late September, Optus, Australia's second-largest telecoms provider, was hit by a cyberattack, with millions losing passport and driver's license numbers.

In early October, Australia's largest telecommunications company Telstra said that details of 30k of the company's staff members were leaked.

Last week, IT services provider Dialog, a subsidiary of Optus' owner Singtel, had its employee data leaked online. The same week, Australia's large health insurance company Medibank Private reported a cyberattack that forced it to take some of its systems offline.


More from Cybernews:

DJI drone tracking data exposed in US

Cyber pet peeve: my kid’s account got hacked

Darkverse: metaverse’s criminal underground out of law enforcement sight

FCC readies to ban US sales of new Huawei and ZTE equipment

Matter: new standard to speed-up mainstream smart home adoption

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked