MyDeal, a subsidiary of supermarket giant Woolworths Group, suffered a data breach with compromised user credentials being used to access the company’s customer relationship management system.
In A declaration released on Friday, Woolworths said 2.2 million customers were affected, adding that it had begun contacting regulators and government agencies.
The MyDeal site is hosted by Amazon in the United States, according Internet services company Netcraft, and appears to use ASP.NET, a technology sold by Microsoft.
Optus & Woolworths have been hacked. Government medical records have been hacked.
This is used as an excuse to spend billions on digital ID and biometric security.
Yet the only system in the world that a hacker can’t break into is an old-fashioned filing cabinet filled with paper.
— Alexandra Marshall (@ellymelly) October 15, 2022
According to Microsoft own website“ASP.NET is a free, cross-platform, and open-source framework for building web applications and services with .NET and C#.”
From itself, MyDeal said“MyDeal is Australia’s leading online retail marketplace that provides customers with quality products from a curated selection of trusted retailers. “Since 2011, we have been bringing Australian shoppers the biggest brands, best offers, discounts and sales on a wide range of home and lifestyle products.
The facial recognition data of this @Woolworths secretly extracted from customers and stores for commercial and “investigative” purposes in connection with this new data breach? https://t.co/YVie2lbByc pic.twitter.com/yNbNUdOLkm
— Sally Rugg (@sallyrugg) October 14, 2022
Woolworths completed its acquisition of approximately 80% of MyDeal.com.au on September 23. “There have been no compromises to other Woolworths Group platforms or to Woolworths Group customer or daily rewards records,” the statement added.
The statement said the data accessed included customer names, email addresses, phone numbers, shipping addresses and, in some cases, customers’ birthdates.
Of the affected customers, 1.2 million had only their email addresses exposed.
Woolworths said the data was viewed in the CRM system and the MyDeal website and app were not affected.
“MyDeal does not store payment, driver’s license or passport details and no customer account passwords or payment details were compromised in this breach,” the statement said.
MyDeal Founder and Managing Director, Sean Senvirtne, said: “We apologize for the significant concern this will cause our affected customers. We acted quickly to identify and mitigate unauthorized access and increased network monitoring.
“We will continue to work with the relevant authorities as we investigate the incident and will keep our customers fully informed of any further updates affecting them.”
Woolworths Group Chief Security Officer Pieter van der Merwe added: “Woolworths Group cybersecurity and privacy teams are fully engaged and are working closely with MyDeal to support the response.”
The press release indicates that the customers concerned could contact MyDeal directly or through the company help Center.
This is the sixth Australian corporate data breach announced in less than a month. optus announcement on September 22 that its systems had been hacked, followed by will, G4S, Costa Group, Dialogue and Medibank Group.
GET READY FOR XCONF AUSTRALIA 2022
Thoughtworks presents XConf Australia, back in person in three cities, bringing together people who care deeply about software and its impact on the world.
Now in its fifth year, XConf is our annual technology event created by technologists for technologists.
Participate in a robust discussion program as local thought leaders and Thoughtworks technologists share first-hand experiences and discuss new ways to empower teams, deliver great software, and drive innovation for technology responsible.
See how we at Thoughtworks are improving technology, together.
Tickets are available now and all proceeds will be donated to Indigitek, a non-profit organization that aims to create tech employment pathways for First Nations people.
Click the button below to register and get your ticket to the Melbourne, Sydney or Brisbane event
GET YOUR TICKET!
PROMOTE YOUR WEBINAR ON ITWIRE
It’s all about webinars.
Marketing budgets are now focused on webinars combined with lead generation.
If you want to promote a webinar, we recommend at least a 3-4 week campaign before your event.
The iTWire campaign will include numerous advertisements on our news site itwire.com and a major newsletter promotion https://itwire.com/itwire-update.html and promotional and editorial news. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in promotional posts on the iTWire homepage.
Now that we are coming out of Lockdown, iTWire will focus on supporting your webinars and campaigns and support through partial payments and extended terms, Webinar Business Booster pack and other support programs. We can also create your advertisements and written content and coordinate your video interview.
We look forward to discussing your campaign goals with you. Please click the button below.
MORE INFO HERE!