Security News > 2022 > October > MyDeal data breach impacts 2.2M users, stolen data for sale online
Woolworths' MyDeal subsidiary has disclosed a data breach affecting 2.2 million customers, with the hacker trying to sell the stolen data on a hacker forum.
Last Friday, MyDeal stated that it suffered a breach after a hacker used compromised user credentials to access the company's Customer Relationship Management system, allowing the threat actor to view and export customer information.
MyDeal has already begun to send data breach notifications to affected customers and say that customers who do not receive one were not affected.
On Sunday, the hacker behind the MyDeal breach began selling the stolen data on a hacking forum for $600. The hacker claims that the data currently consists of 1 million entries but that the number of exposed customers will increase as they finish parsing the database.
Today, the threat actor released samples of the stolen data, exposing the personal information of 286 alleged MyDeal customers.
As it is common for threat actors to purchase stolen data to use in their own attacks, all MyDeal customers should also be on the lookout for targeted phishing attacks.
News URL
Related news
- US drug testing firm says data breach impacted 3.3 million people (source)
- US drug testing firm DISA says data breach impacts 3.3 million people (source)
- Background check, drug testing provider DISA suffers data breach (source)
- Data breach at Japanese telecom giant NTT hits 18,000 companies (source)
- PowerSchool previously hacked in August, months before data breach (source)
- Western Alliance Bank notifies 21,899 customers of data breach (source)
- Sperm donation giant California Cryobank warns of a data breach (source)
- Pennsylvania education union data breach hit 500,000 people (source)
- StreamElements discloses third-party data breach after hacker leaks data (source)
- Canada launches breach risk self-assessment online tool (source)