Data Breach: The MyDeal Breach in Australia

Cyber News

Following the Optus breach, retail giant Woolworths have suffered a data breach in one of its subsidiaries.

Woolworths says 2.2 million MyDeal customers’ details were exposed in a data breach. MyDeal is an online retail marketplace and is a subsidiary of the Woolworths Group.

How did the breach happen?

According to the company, a compromised user credential was used to get access to customer information from the MyDeal website. In plainspeak, an account that had access to customer information was hacked, opening up the MyDeal to malicious actors.

What information was leaked in the MyDeal breach?

  • Customer names
  • Email addresses
  • Phone numbers
  • Delivery addresses
  • Birth dates

It is said that 1.2 million customers have only had their email addresses exposed. Additionally, Woolworths have said that MyDeal did not store sensitive records like payment information, driver’s license or passport details. They have also added that no passwords were compromised.

Woolworths have clarified that MyDeal’s systems operated on a different platform from the parent group, and that no Woolworths customer details have been exposed in the breach.

What does this mean for accounting firms?

While accounting firms might not think this breach affects them, it’s the opposite.

While no financial information has been leaked, it’s living proof how a single compromised account can open up access to a host of other information.

One team member’s exposed details (like their email address or telephone number) could open them up to a phishing attempt. Subsequently, a threat to your team member could mean a threat to your firm’s security as well.

Setting the Scene: If this happened at your firm, what can you expect?

Imagine a hacker got access to your firm’s email database or CRM. No financial information is available to them, but there’s plenty of havoc they can wreak if they send out an email to everyone in your database purporting to be their trusted accountant.

This recent MyDeal breach invites us to think about the data our firm has in hand, and the consequences of having even email addresses leaked and exploited.

Key takeaway from this breach:

It’s really all about access. Who has access to your client data? Who has access to the applications you use in your business? How do your team members access data and applications within your firm?

Review your systems and applications—and don’t disregard one or another because they don’t contain financial information.

Considering having an access management solution for your accounting practice? Learn how Practice Protect provides easy access management to over 20,000 accountants worldwide.

 
Read more

The Rise of Access Brokers – What It Means for Accountants

With the rise of cyber threats targeted at accounting professionals, it's crucial to understand the risks posed by initial access brokers and how solutions like Practice Protect can be essential in safeguarding their data. Read more

Staff Cyber Security Awareness Training During Tax Season: Essential Actions for Accountants

Explore actionable cyber security awareness training tips for accountants during tax season. Discover how Practice Protect, America's leading cyber security platform for accounting professionals, fortifies your firm against cyber threats. Read more

FTC Safeguards Rule Compliance – A complete guide for Accountants and Bookkeepers

The FTC safeguards rule has captured a lot of attention in recent years among the Accounting, Bookkeeping and Tax preparer community. With its complexities and implications, this regulation has left many practitioners pondering what it truly means for their practices and whether proactive steps are required. Working with over 24,000+ accountants and bookkeepers, we have […] Read more