Advertisement
Woolworths acquired 80% of the MyDeal online marketplace in September, but says MyDeal systems are completely separate from its own systems, which have not been impacted by the incident.
According to the company, a threat actor leveraged a user’s compromised credentials to access the MyDeal customer relationship management (CRM) system.
This gave the attacker access to MyDeal customer data, including name, email address, phone number, delivery address and, in some cases, date of birth. Woolworths said 1.2 million of the impacted customers only had their email address compromised.