Australian supermarket chain Woolworths has confirmed that millions of customers of its MyDeal subsidiary have been impacted by a major data breach.

The company said that customers’ data were exposed after a compromised user credential was used to gain unauthorised access to MyDeal’s Customer Relationship Management (CRM) system.

According to Woolworths, the breach affected around 2.2 million customers.

Data compromised includes customer names, email addresses, phone numbers, delivery addresses and dates of birth.

Of the customers affected by the breach, 1.2 million only had their email addresses exposed.

The data breach did not include records such as payment information, driver’s licence or passport details and passwords.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Online shopping site MyDeal is in the process of contacting the estimated 2.2 million customers who were in the breach.

Woolworths and MyDeal have also begun engagement with relevant regulatory authorities and government agencies over the issue.

MyDeal CEO Sean Senvirtne said: “We apologise for the considerable concern that this will cause our affected customers.

“We have acted quickly to identify and mitigate unauthorised access and have increased the monitoring of networks.

“We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them.”

The news comes after Woolworths acquired around 80% of last month.

The data network and CRM system were operated on a separate platform from Woolworths Group.

Other Woolworths Group platforms were reported to be safe, as were the Woolworths Group customer and Everyday Rewards records.

In August this year, Woolworths Group officially launched Woolworths at Work, an online shopping platform for businesses of all sizes across Australia.

The platform enables employers to purchase fresh food, kitchen and cleaning supplies among other essential products, offering a selection of more than 20,000 items.