Dymocks Booksellers, a prominent bookstore chain, has disclosed a data breach that could potentially affect hundreds of thousands of its customers. The Australian-based company, boasting over 60 physical stores and an online platform, detected unauthorized access to its customer records on September 6 and promptly initiated an investigation. Preliminary findings from their cybersecurity team have uncovered discussions on the dark web about the availability of Dymocks’ customer records. The breach’s origin remains uncertain, with Dymocks yet to ascertain if the data was compromised from its own network or a third-party data processor. Initial system scans by Dymocks haven’t shown any signs of intrusion, and they are collaborating with third-party partners to determine if the breach occurred in their systems.
The potentially stolen data includes names, addresses, birth dates, gender, email addresses, and membership details of the Booklovers loyalty program. However, Dymocks has confirmed that no financial information was compromised since they don’t store such data. There’s also no evidence suggesting that Booklovers passwords were breached. The exact number of affected customers remains undetermined.
However, the data breach notification service “Have I Been Pwned” reported that about 1.2 million Dymocks records were stolen, encompassing over 800,000 unique email addresses. This could hint at the number of impacted customers. According to the service, the breach took place in June 2023 and also exposed customer phone numbers. Dymocks is advising its customers to update their Booklovers passwords and be vigilant, as the stolen data could be used for fraudulent activities and other malicious attacks.
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.
Source: SecurityWeek