Millions of customers at a Woolworths-owned online retailer have been rocked by a data breach that has exposed their names, email addresses and phone numbers.
MyDeal, a subsidiary of Woolworths group, confirmed a “compromised user credential” was used to expose customer data on Friday.
About 2.2 million people have been impacted by the embarrassing data breach.
It comes weeks after a hacker claimed to have accessed the personal data of 9.8 million Optus customers, causing widespread panic while details like passport numbers been released onto the internet.
A Woolworths Group spokesman said MyDeal was reaching out to affected customers but assured payment details and passwords were not stolen.
“The MyDeal customer data which has been accessed includes customer names, email addresses, phone numbers, delivery addresses, and in some instances, the date of birth of customers (who have previously been required to prove their age when purchasing alcohol),” the spokesman said.
“For 1.2 million customers involved in the breach only their email addresses were exposed.”
Customers of Woolworths did not have their data compromised during the attack, the spokesman said.
MyDeal chief executive Sean Senvirtne said the company had acted quickly to mitigate the unauthorised access. He said the company has also increased monitoring of their networks.
“We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them,” Mr Senvirtne said.
Woolworths Group Chief Security Officer, Pieter van der Merwe, pledged the parent company would continue to support its subsidiary.
“Woolworths Group’s cyber security and privacy teams are fully engaged and working closely with MyDeal to support the response,” he said.