MyDeal faces cyber attack, exposing data of 2.2 mn users

Online retailer MyDeal, a subsidiary of Woolworths Group in Australia, has reported a cyber attack that exposed data of nearly 2.2 million users.
IT network security issuesAustralia’s second-largest mobile phone operator Optus suffered a breach that compromised data of up to 10 million customers.

Australia’s largest telecommunications firm Telstra also faced a cyber attack.

Health insurance company Medibank Private also reported a cyber attack detecting unusual activity on its network.

MyDeal’s exposed customer data includes name, email address, phone number, delivery address, and in some instances date of birth of the customer, the Sydney-based retailer said. MyDeal identified a compromised user credential was used to access its Customer Relationship Management (CRM) system.

MyDeal CEO Sean Senvirtne said: “We apologise for the concern that this will cause our customers. We have acted quickly to identify and mitigate unauthorised access and have increased the monitoring of networks.”

MyDeal clarified that MyDeal’s website and application were not impacted, and none of the other platforms of Woolworths group were compromised.

The MyDeal customer data which has been accessed includes customer names, email addresses, phone numbers, delivery addresses, and in some instances, the date of birth of customers (who have previously been required to prove their age when purchasing alcohol). For 1.2 million customers involved in the breach only their email addresses were exposed.

MyDeal does not store payment, drivers licence or passport details and no customer account passwords or payment details have been compromised in this breach. The customer data was accessed within the MyDeal CRM system and the Mydeal.com.au website and app have not been impacted. MyDeal did not reveal the name of the CRM vendor.

Woolworths completed the deal to buy 80 percent of the online marketplace MyDeal.com.au on 23 September 2022.

The MyDeal.com.au data network and CRM system is operated on a separate platform to Woolworths. There has been no compromise of any other Woolworths Group platforms or the Woolworths Group customer or Everyday Rewards records.

Woolworths Group Chief Security Officer, Pieter van der Merwe, said: “Woolworths Group’s cyber security and privacy teams are fully engaged and working closely with MyDeal to support the response.”