Woolworths subsidiary MyDeal leaks 2.2 million customers' details

Woolworths subsidiary, online marketplace MyDeal, said 2.2 million customer records had leaked from its CRM system.

MyDeal said a compromised user credential was used to access the CRM system, and affected customers are being notified.

No other Woolworths system was involved in the breach.

Compromised customer data includes customer names, email addresses, phone numbers and delivery addresses, along with dates of birth if customers had to prove their age to purchase alcohol.

“For 1.2 million customers involved in the breach only their email addresses were exposed," Woolworths said in its data breach notification.

“MyDeal does not store payment, drivers licence or passport details, and no customer account passwords or payment details have been compromised in this breach,” the statement said. 

“The customer data was accessed within the MyDeal CRM system and the Mydeal.com.au website and app have not been impacted.”

Woolworths Group acquired around 80 percent of MyDeal in September.

Both the Mydeal.com.au network and its CRM system operate on separate platforms to Woolworths. 

As a result, Woolworths said that "there has been no compromise of any other Woolworths Group platforms or the Woolworths Group customer or Everyday Rewards records.”

MyDeal CEO, Sean Senvirtne, said the company has “increased the monitoring of networks." 

“We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them.”