Security News > 2022 > October > MyDeal data breach impacts 2.2M users, stolen data for sale online
Woolworths' MyDeal subsidiary has disclosed a data breach affecting 2.2 million customers, with the hacker trying to sell the stolen data on a hacker forum.
Last Friday, MyDeal stated that it suffered a breach after a hacker used compromised user credentials to access the company's Customer Relationship Management system, allowing the threat actor to view and export customer information.
MyDeal has already begun to send data breach notifications to affected customers and say that customers who do not receive one were not affected.
On Sunday, the hacker behind the MyDeal breach began selling the stolen data on a hacking forum for $600. The hacker claims that the data currently consists of 1 million entries but that the number of exposed customers will increase as they finish parsing the database.
Today, the threat actor released samples of the stolen data, exposing the personal information of 286 alleged MyDeal customers.
As it is common for threat actors to purchase stolen data to use in their own attacks, all MyDeal customers should also be on the lookout for targeted phishing attacks.
News URL
Related news
- How to Effectively Manage a Data Breach (source)
- Amazon confirms employee data breach after vendor hack (source)
- HIBP notifies 57 million people of Hot Topic data breach (source)
- US space tech giant Maxar discloses employee data breach (source)
- Fintech giant Finastra investigates data breach after SFTP hack (source)
- Bologna FC confirms data breach after RansomHub ransomware attack (source)
- Rhode Island confirms data breach after Brain Cipher ransomware attack (source)
- Texas Tech University System data breach impacts 1.4 million patients (source)
- Ireland fines Meta $264 million over 2018 Facebook data breach (source)
- New fake Ledger data breach emails try to steal crypto wallets (source)