Woolworths group’s MyDeal website hit by data breach compromising personal details of 2.2 million customers
About 2.2 million customers of a website owned by Woolworths have had their personal details exposed in a data breach.
MyDeal, which is owned by the Woolworths Group, said it identified on Friday that a compromised user credential was used to gain unauthorised access to its Customer Relationship Management (CRM) system.
The details exposed in the data breach include email addresses, phone numbers, delivery addresses and birth dates.
For 1.2 million customers involved in the breach only their email addresses were compromised, MyDeal said.
Stream the news you want, when you want with Flash. 25+ news channels in 1 place. New to Flash? Try 1 month free. Offer ends 31 October, 2022 >
The company said it does not store payment details, drivers licenses or passport numbers and that no passwords or payment details were exposed.
MyDeal said it is contacting affected customers by email and engaging with relevant regulatory authorities as well as government agencies.
“We apologise for the considerable concern that this will cause our affected customers,” MyDeal CEO Sean Senvirtne said in a statement.
“We have acted quickly to identify and mitigate unauthorised access and have increased the monitoring of networks.
“We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them.”
Woolworths Group Chief Security officer, Pieter van der Merwe said its “cyber security and privacy teams are fully engaged and working closely with MyDeal to support the response.”
Customers who have not had their data accessed will not be contacted by MyDeal, the company said.
No other Woolworths Group platforms have been compromised and no customer or Everyday Rewards records have been accessed.