MyDeal — an online retailer which is majority owned by the Woolworths Group — has been hit with a data breach affecting approximately 2.2 million customers.
According to a statement on the MyDeal website, a “compromised user credential” was used to score unauthorised access to certain customer data.
That includes some customer names, email addresses, phone numbers, delivery addresses and dates of birth for customers who’ve had to prove their age when buying alcohol. Woolworths Group has said 1.2 million people only had their email addresses exposed, per the ABC.
It also confirmed that none of the Group’s other platforms had been impacted.
Woolies Group told the ABC all affected customers had been contacted via email — so if you haven’t been contacted, your data is all good.
MyDeal CEO Sean Senvirtne said it’s “acted quickly to identify and mitigate unauthorised access and [has] increased the monitoring of networks”. He also apologised to the affected customers.
According to Senvirtne, MyDeal is working with “relevant authorities” to investigate the situation.
The company doesn’t store any passport, drivers license or payment deets. It’s also confirmed that peoples’ passwords and payment details haven’t been compromised. Phew.
Woolies Group officially acquired around 80 per cent of MyDeal in September 2022.
The data leak news comes off the back of Optus’s significant data breach back in September, where customers had Medicare numbers, passport numbers and drivers license details leaked after a hack.
Then, 30,000 current and former Telstra employees had their info leaked on the dark web. The info came from a third-party employee rewards program used in 2017.
Phew — simply much to keep track of there.
In the wake of the Optus sitch, the government has said companies might have to stop holding onto some data after a certain period of time. It has also looked into tightening privacy laws, so keep your eyes peeled.
