Woolworths discloses data breach of MyDeal online marketplace

Australian retail giant Woolworths disclosed a data breach that impacted 2.2 million MyDeal customers. In September 2022, Woolworths purchased 80% of MyDeal.

According to the company, a threat actor leveraged a user’s compromised credentials to access the MyDeal customer relationship management (CRM) system.

This gave the attacker access to MyDeal customer data, including name, email address, phone number, delivery address and, in some cases, date of birth. Woolworths said 1.2 million of the impacted customers only had their email address compromised. Payment, driver's license, or passport details were not accessed, because MyDeal does not store this information. In addition, no customer account passwords were accessed.

Woolworths itself was not impacted by the security breach.


Toyota discloses data leak of 300,000 customers’ personal information

Japanese giant Toyota Motor Corporation disclosed in a statement that nearly 300,000 customers may have had their personal data leaked after a third party mistakenly uploaded part of the T-Connect source code to their GitHub account, which was set to public, in December 2017. The source code contained the access key to a data server that stored customer email addresses and management numbers. This made it possible for an unauthorized third party to access the details of 296,019 customers between December 2017 and September 15, 2022, when access to the GitHub repository was restricted.

T-Connect is an app developed by the company that allows car owners to control the vehicle’s infotainment system and monitor access to the vehicle.

The silver lining to the data leak is that customer names, phone numbers, credit cards, etc., were not exposed. With no additional personal information about the user, threat actors cannot tailor their social engineering efforts when carrying out phishing attacks, which makes those attacks a bit less severe.


Telstra Telecom has been breached

Telstra Telecom, Australia’s largest telecommunication company, reported on October 4, 2022, that it was the victim of a data breach through a third party. This occurred nearly two weeks after its main rival, Optus, reported a data breach of its own. In total, the first names, last names and email addresses of 30,000 Telstra employees and former employees were leaked on a hacking forum.

“There has been no breach of Telstra’s systems. And no customer account data was involved,” said Narelle Devine, the company’s Chief Information Security Officer for the Asia Pacific region, in a statement.
