2.2 million Woolworths MyDeal customers exposed in data breach

The exterior of Woolworths store.
Woolworths said it was contacting those who were impacted via email. (Source: Getty)

Woolworths has confirmed MyDeal customers have had their data exposed after a “compromised user credential” was used to hack into the system.

Woolworths said MyDeal was in the process of contacting around 2.2 million Aussies by email who have been impacted.

Woolworths said those who do not receive an email have not had their information accessed.

Woolworths said MyDeal customer data that was accessed included:

  • Names

  • Email addresses

  • Phone numbers

  • Delivery addresses

  • Date of birth (for those who have been required to prove DOB for purchasing alcohol)

For 1.2 million customers involved in the breach, only their email addresses were exposed.

Woolworths said MyDeal does not store payment, drivers licence or passport details and no customer account passwords or payment details were compromised in the breach.

The customer data was accessed within the MyDeal CRM system and the Mydeal.com.au website and app have not been impacted.

“We apologise for the considerable concern that this will cause our affected customers,” MyDeal CEO Sean Senvirtne said.

“We have acted quickly to identify and mitigate unauthorised access and have increased the monitoring of networks.

“We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them.”

Woolworths Group chief security officer, Pieter van der Merwe, said Woolworths’ cyber security and privacy teams are engaged and working closely with MyDeal to support the response.

Optus breach

This comes after the personal details of 10 million Aussies were exposed in a data breach last month.

Optus announced it will be providing the most affected current and former customers with a free 12-month credit monitoring subscription to Equifax Protect.

Equifax Protect is a credit monitoring and identity protection service that can help reduce the risk of identity theft.

Optus also reiterated that no passwords or financial details were compromised in the breach.

Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitter, and subscribe to the free Fully Briefed daily newsletter.