Woolworths says data of online unit’s 2.2 million users breached

(Reuters) – Australia’s Woolworths Group Ltd said on Friday its majority-owned online retailer MyDeal identified that a “compromised user credential” was used to access its systems that exposed data of nearly 2.2 million users.

The news comes just weeks after Australia’s second-largest mobile phone operator Optus suffered a breach that compromised data of up to 10 million customers – one of the biggest such incidents – triggering an overhaul of the country’s consumer privacy rules.

The latest cyber attack follows two other instances since Optus – a “small breach” at Australia’s largest telecommunications firm Telstra Corp Ltd and health insurer Medibank Private detecting unusual activity on its network.

MyDeal’s exposed customer data includes names, email addresses, phone numbers, delivery addresses, and in some instances date of birth of the customers, the Sydney-based retailer said.

It further clarified that MyDeal’s website and application were not impacted, and none of the other platforms of Woolworths group were compromised.

MyDeal, owned 80% by the top grocer, said it was contacting the affected customers and working with authorities to investigate the incident.

(Reporting by Sameer Manekar in Bengaluru; Editing by Savio D’Souza and Dhanya Ann Thoppil)