MyDeal, a subsidiary of Woolworths Group, confirmed the personal data of millions of customers had been accessed.
MyDeal, a subsidiary of Woolworths Group, confirmed the personal data of millions of customers had been accessed.

Millions of customers at a Woolworths-owned online retailer have been rocked by a data breach that has exposed their names, email addresses and phone numbers.

MyDeal, a subsidiary of Woolworths group, confirmed a “compromised user credential” was used to expose customer data on Friday.

About 2.2 million people have been impacted by the embarrassing data breach.

It comes weeks after a hacker claimed to have accessed the personal data of 9.8 million Optus customers, causing widespread panic while details like passport numbers been released onto the internet.

A Woolworths Group spokesman said MyDeal was reaching out to affected customers but assured payment details, drivers licences and passwords were not stolen.

“The MyDeal customer data which has been accessed includes customer names, email addresses, phone numbers, delivery addresses, and in some instances, the date of birth of customers (who have previously been required to prove their age when purchasing alcohol),” the spokesman said.

“For 1.2 million customers involved in the breach only their email addresses were exposed.”

Customers of Woolworths and Everyday Rewards did not have their data compromised during the attack, the spokesman said.

Emails have been sent to customers affected by the breach.

Woolworths has is also extending specialist case management support to affected customers with the assistance of Australia’s national identity and cyber support community service, IDCARE.

The data network for MyDeal and the CRM system operates on a separate platform to Woolworths Group.

MyDeal chief executive Sean Senvirtne said the company had acted quickly to mitigate the unauthorised access. He said the company has also increased monitoring of their networks.

The breach comes after a man was arrested for allegedly using stolen Optus customer data from criminal purposes. Assistant Commissioner Cyber Command Justine Gough said police believe the man was "working his way through the list". Picture: AFP.
The breach comes after a man was arrested for allegedly using stolen Optus customer data for criminal purposes. Assistant Commissioner Cyber Command Justine Gough said police believe the man was “working his way through the list”.

“We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them,” Mr Senvirtne said.

Woolworths Group Chief Security Officer, Pieter van der Merwe, pledged the parent company would continue to support its subsidiary.

“Woolworths Group’s cyber security and privacy teams are fully engaged and working closely with MyDeal to support the response,” he said.

Source – https://www.news.com.au/technology/online/hacking/woolworths-groups-mydeal-confirms-22m-customers-stung-in-shock-data-breach/news-story/17ce8ccf99ababdfce0333bde656880f