Australian online retail marketplace MyDeal has confirmed that it was the victim of a data breach that exposed the data of around 2.2 million customers.
The retailer, which is a subsidiary of supermarket chain Woolworths, has confirmed that it will be contacting all those affected by the breach via email, as well as alerting the “relevant regulatory authorities and government agencies”.
Woolworths said in a statement that the breach was caused by a malicious actor using “a compromised user credential” to gain unauthorized access to MyDeal’s Customer Relationship Management (CRM) system.
Customer information exposed during the cyber-attack included names, dates of birth, phone numbers and email addresses. For 1.2 million customers, the data exposed was limited to their email address. Confidential information like passport, payment card and drivers license details is not stored by MyDeal, and therefore was not exposed in the hack.
There has been no risk of compromise of Woolworth Group platforms, as the MyDeal data network and CRM system is operated on a separate network to its parent company.
CEO of MyDeal, Sean Senvirtne, said: “We apologize for the considerable concern that this will cause our affected customers. We have acted quickly to identify and mitigate unauthorized access and have increased the monitoring of networks. We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them.”
Pietre van der Merwe, group chief security officer at Woolworths, added: “Woolworths Group’s cyber security and privacy teams are fully engaged and working closely with MyDeal to support the response.”