Woolworths confirms over 2.2M MyDeal clients’ data impacted by breach

SecurityWeek reports that Woolworths, a major retail company in Australia, has confirmed that its recently acquired MyDeal online marketplace was hit by a data breach that has compromised information from 2.2 million customers. MyDeal's customer relationship management system was infiltrated through the use of compromised user credentials, which then enabled attackers to access MyDeal customer data, including names, birthdates, phone numbers, email addresses, and delivery addresses. Moreover, 1.2 million of the customers affected by the breach only had their email addresses accessed by attackers, according to Woolworths. "MyDeal does not store payment, driver's license or passport details and no customer account passwords or payment details have been compromised in this breach. The customer data was accessed within the MyDeal CRM system and the Mydeal.com.au website and app have not been impacted," said Woolworths, which added that its own systems, which are separate from MyDeal's, were not affected by the incident. Such a breach follows the cyberattack at Australian mobile carrier Optus, which has compromised the ID numbers of 2.1 million individuals.