Security News > 2022 > October > MyDeal data breach impacts 2.2M users, stolen data for sale online
Woolworths' MyDeal subsidiary has disclosed a data breach affecting 2.2 million customers, with the hacker trying to sell the stolen data on a hacker forum.
Last Friday, MyDeal stated that it suffered a breach after a hacker used compromised user credentials to access the company's Customer Relationship Management system, allowing the threat actor to view and export customer information.
MyDeal has already begun to send data breach notifications to affected customers and say that customers who do not receive one were not affected.
On Sunday, the hacker behind the MyDeal breach began selling the stolen data on a hacking forum for $600. The hacker claims that the data currently consists of 1 million entries but that the number of exposed customers will increase as they finish parsing the database.
Today, the threat actor released samples of the stolen data, exposing the personal information of 286 alleged MyDeal customers.
As it is common for threat actors to purchase stolen data to use in their own attacks, all MyDeal customers should also be on the lookout for targeted phishing attacks.
News URL
Related news
- Dutch Police: ‘State actor’ likely behind recent data breach (source)
- Comcast and Truist Bank customers caught up in FBCS data breach (source)
- Internet Archive hacked, data breach impacts 31 million users (source)
- Internet Archive data breach, defacement, and DDoS: Users’ data compromised (source)
- Fidelity Investments says data breach affects over 77,000 people (source)
- Fidelity Data Breach Exposes Data of Over 77,000 Customers (source)
- Pokemon dev Game Freak confirms breach after stolen data leaks online (source)
- USDoD hacker behind National Public Data breach arrested in Brazil (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Insurance admin Landmark says data breach impacts 800,000 people (source)