Australian retail giant Woolworths disclosed a data breach that impacted 2.2 million MyDeal customers. In September 2022, Woolworths purchased 80% of MyDeal.
According to the company, a threat actor leveraged a user’s compromised credentials to access the MyDeal customer relationship management (CRM) system.
This gave the attacker access to MyDeal customer data, including name, email address, phone number, delivery address and, in some cases, date of birth. Woolworths said 1.2 million of the impacted customers only had their email address compromised. Payment, drivers license, or passport details were not accessed, because MyDeal does not store this information. In addition, no customer account passwords were accessed.
Woolworths itself was not impacted by the security breach.
Read more about it here.