Data Breach: The MyDeal Breach in Australia

Following the Optus breach, retail giant Woolworths have suffered a data breach in one of its subsidiaries.

Woolworths says 2.2 million MyDeal customers’ details were exposed in a data breach. MyDeal is an online retail marketplace and is a subsidiary of the Woolworths Group.

How did the breach happen?

According to the company, a compromised user credential was used to get access to customer information from the MyDeal website. In plainspeak, an account that had access to customer information was hacked, opening up the MyDeal to malicious actors.

What information was leaked in the MyDeal breach?

  • Customer names
  • Email addresses
  • Phone numbers
  • Delivery addresses
  • Birth dates

It is said that 1.2 million customers have only had their email addresses exposed. Additionally, Woolworths have said that MyDeal did not store sensitive records like payment information, driver’s license or passport details. They have also added that no passwords were compromised.

Woolworths have clarified that MyDeal’s systems operated on a different platform from the parent group, and that no Woolworths customer details have been exposed in the breach.

What does this mean for accounting firms?

While accounting firms might not think this breach affects them, it’s the opposite.

While no financial information has been leaked, it’s living proof how a single compromised account can open up access to a host of other information.

One team member’s exposed details (like their email address or telephone number) could open them up to a phishing attempt. Subsequently, a threat to your team member could mean a threat to your firm’s security as well.

Setting the Scene: If this happened at your firm, what can you expect?

Imagine a hacker got access to your firm’s email database or CRM. No financial information is available to them, but there’s plenty of havoc they can wreak if they send out an email to everyone in your database purporting to be their trusted accountant.

This recent MyDeal breach invites us to think about the data our firm has in hand, and the consequences of having even email addresses leaked and exploited.

Key takeaway from this breach:

It’s really all about access. Who has access to your client data? Who has access to the applications you use in your business? How do your team members access data and applications within your firm?

Review your systems and applications—and don’t disregard one or another because they don’t contain financial information.


Considering having an access management solution for your accounting practice? Learn how Practice Protect provides easy access management to over 20,000 accountants worldwide.