Toni Dimaano Tech 10.18.2022 00:Oct AM EDT

Data Breach Hits MyDeal, Impacts 2.2M Users

Retail giant Woolworths discloses the extent of the latest data breach that targets MyDeal, its online marketplace subsidiary.

MyDeal reveals that hackers are now trying to sell 2.2 million users' stolen data on a hacker platform, according to Bleeping Computer.

Customer Details Have Been Exposed In A Major Breach

Woolworths reveals that millions of user information have been put in danger following the cyber hacking of the online shopping site MyDeal.

MyDeal is an online retail market that grants customers access to quality products curated from a selection of trusted retailers, Gizmodo Australia writes.

In a statement, Woolworths Group says that the breach compromised user credentials, and was used to gain unauthorized access to the site's Customer Relationship Management system.

According to Bleeping Computer, the threat actor exported customer information such as names, email addresses, and birthdays in the attack.

Fortunately, MyDeal confirms that no payment information, government identification details, and account passwords were exposed to the hackers.

However, the Australian company raises concern as the hacker behind the MyDeal data breach began selling the stolen data on a hacker forum for $600 on Sunday.

The hacker released screenshots that allegedly contain information on the company's Confluence server, together with a single-sign on prompt for their Amazon Web Series account.

The threat actor also released samples of stolen data that are believed to be from 286 MyDeal customers, prompting the company to warn their users to be on the side of caution.

MyDeal Is Ensuring Customer Safety After The Attack

MyDeal CEO Sean Senvirtine offers their apologies to the customers affected by the breach, adding that they are acting quickly to identify and mitigate the threats.

"We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them," Senvirtine said.

According to Gizmodo Australia, MyDeal is now sending out emails to their customers, ensuring that their cyber security and private teams are working closely in response to the attack.

Insider Retail writes that this data breach that targeted MyDeal comes just a few weeks after Optus customers' data have been compromised, affecting 9 million Australians.

Because of this, the Office of the Australian Information Commissioner is investigating if Woolworths' MyDeal takes the necessary steps to protect customer data.

They also are looking into whether the company complies with the Australian Communication and Media Authority's privacy laws, and meeting industry obligations in terms of keeping data.

MyDeal operates on a separate platform from the Woolworths group, which reports that their other platforms are safe from the data breach.

Retail Insight Network says that in August, Woolworths Group officially launched a similar platform for businesses of all kinds across Australia called Woolworths at Work.

This platform is another online selling platform that lets employers purchase fresh food, kitchen and cleaning supplies, as well as more than 20,000 other essential products.