Woolworths' MyDeal subsidiary suffered a data breach that affected its 2.2 million customers.
The hacker used compromised user credentials to access the company's Customer Relationship Management (CRM) system, which allowed them to view and export customer information.
Information such as names, email addresses, phone numbers, delivery addresses and, in some cases, birth dates was exposed in the attack.
MyDeal sent data breach notifications to affected customers after the hackers began to sell the stolen data on a hacking forum for $600.
TPRM report: https://scoringcyber.rankiteo.com/company/mydeal.com.au
"id": "myd2031281022",
"linkid": "mydeal.com.au",
"type": "Breach",
"date": "10/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '2.2 million',
'industry': 'Retail',
'name': 'MyDeal',
'size': '2.2 million customers',
'type': 'Subsidiary'}],
'attack_vector': 'Compromised User Credentials',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '2.2 million',
'personally_identifiable_information': True,
'sensitivity_of_data': 'Medium',
'type_of_data_compromised': ['Personal Information']},
'description': "Woolworths' MyDeal subsidiary suffered a data breach that "
'affected its 2.2 million customers. The hacker used '
"compromised user credentials to access the company's Customer "
'Relationship Management (CRM) system which allowed them to '
'view and export customer information. Information like names, '
'email addresses, phone numbers, delivery addresses, and in '
'some cases, birth dates were exposed in the attack. MyDeal '
'sent the data breach notifications to affected customers '
'after the hackers began to sell the stolen data on a hacking '
'forum for $600.',
'impact': {'data_compromised': ['Names',
'Email Addresses',
'Phone Numbers',
'Delivery Addresses',
'Birth Dates'],
'systems_affected': ['CRM System']},
'initial_access_broker': {'data_sold_on_dark_web': True,
'entry_point': 'Compromised User Credentials'},
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Weak Credential Management'},
'references': [{'source': 'Cyber Incident Description'}],
'response': {'communication_strategy': 'Data breach notifications sent to '
'affected customers'},
'title': "Data Breach at Woolworths' MyDeal Subsidiary",
'type': 'Data Breach',
'vulnerability_exploited': 'Weak Credential Management'}