On September 6, Dymocks learned that an unauthorized party may have leaked its customer records on the dark web.
Now, the Australian bookstore chain has confirmed that the data of over 1.2 million customers has been exposed.
Dymocks data breach
Dymocks has notified customers about the data breach via email, saying that the threat actor has stolen 1.24 million customer contact records.
Initially, the bookstore chain didn’t know the extent of the breach, but now has more details.
It also confirmed that upon stealing the data, the hacker made it available on the dark web.
Dymocks also shared the information they’ve stolen from its contact records, saying it includes:
- Date of birth
- Email address
- Membership details
However, according to the bookstore, the threat actor didn’t access customers’ passwords and credit card details. They also didn’t steal any other highly sensitive information.
CEO Mark Newman said that the investigation showed that the threat actor didn’t compromise Dymocks’ controlled systems.
He said that the security measures for its internal systems are still effective when it comes to protecting customer data.
Newman said the store believes the data breach took place in an external partner’s data systems.
The bookstore chain is now trying to understand where exactly the breach occurred and how it bypassed the partner’s security measures.
Despite no highly sensitive information having been compromised, Dymocks advises all members to remain vigilant of potential scams.
With customers’ personal information, hackers could try to perform phishing attacks and other scams against them.
Dymocks also told customers that they can contact the store via phone (1 800 849 096) or email ([email protected]) if they have any questions.
The company also said it’ll continue to inform them about the investigation.
This incident can serve as a reminder that all organizations, regardless of their history or reputation, are susceptible to cyberattacks.