16 October 2022

Woolworths says 2.2m MyDeal customers’ data hacked


In the third major corporate security breach in as many weeks, Woolworths is scrambling to contact 2.2 million customers of its MyDeal online marketplace arm whose data has been accessed by an unauthorised user using “compromised” credentials, the supermarkets giant says.

The hack follows telecoms group Optus in owning up to data breaches affecting millions of consumers. Health insurer Medibank Private also disclosed a data breach but said it had no evidence of any customer data being accessed, although it was still investigating the hack.

Woolworths said it had contacted relevant regulatory authorities and government agencies about the breach. MyDeal customers who are not contacted have not been affected, the company said. Of the 2.2 million estimated to have been affected, 1.2 million have only had their email addresses exposed.

The exposed data also includes names, phone numbers, delivery addresses and some customers’ birthdates. MyDeal does not store payment, drivers’ licence or passport details and Woolworths said no customer account passwords or payment details had been compromised.

The breach took place within the MyDeal CRM (customer relations management software) system and the MyDeal.com.au and MyDeal app had not been breached in the hack. MyDeal operates on a separate platform to Woolworths’ main platform and no Woolworths Group customers or Everyday Rewards scheme records have been compromised either.

Woolworths chief security officer Pieter van der Merwe said the group’s cybersecurity and privacy teams were “fully engaged and working closely with MyDeal to support the response”.

MyDeal chief executive Sean Senvirtne said: “We apologise for the considerable concern that this will cause our affected customers. We have acted quickly to identify and mitigate unauthorised access and have increased monitoring networks.

“We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates affecting them.”

Woolworths completed the acquisition of 80 per cent of MyDeal last month for $243 million. The move is a bid to beef up its online offer. In September last year, the supermarkets giant launched its marketplace platform Everyday Market, which offers a range of goods from baby items to electronics.

Woolworths, through its 176 bricks and mortar Big W stores and supermarkets, and MyDeal, through its online marketplace, sell general merchandise including furniture, health and beauty products, homewares and electronics.

In addition to retailing their own products, Woolworths and MyDeal also operate online marketplaces where third parties sell their wares.

Of the recent spate of hacks which have heightened awareness of cybersecurity threats for businesses, the Optus hack has been the most serious with up to 9.8 million customers affected and sensitive information such as passport and drivers’ licence details compromised.

Medibank said on Friday it had restored access to services provided by its cheaper brand ahm and for international students and that it had not discovered any evidence the data of its 3.6 million members had been accessed, although a “forensic investigation will take time”.

Source: afr.com

No comments:

Post a Comment