The Good Guys targeted in historic data breach

Published On: February 24, 2023

The Good Guys has revealed that up to 1.5 million loyalty program customers' data may have been compromised in a cyber attack on My Rewards in 2021.

The Good Guys has disclosed that some of its customer data was accessed by an unauthorised user, in an incident likely to have occurred in August 2021. The company posted a notification on its website that read, “the IT systems of a former third-party supplier, Pegasus Group Australia Pty Ltd, now known as My Rewards Pty Ltd, have been improperly accessed by an unauthorised user. The Good Guys can confirm that its own IT systems were not involved in this incident. My Rewards was previously used by The Good Guys to provide reward services for “Concierge” members.

“My Rewards held contact details of Concierge members, including names, addresses, phone numbers and email addresses. For those Concierge members who set up a My Rewards account, My Rewards also held the encrypted password (and, in some limited circumstances for those who elected to provide it to My Rewards, date of birth).

My Rewards has confirmed that no personal identity documents or financial information such as driver’s licence, passport or credit card data is involved in the breach.

The Good Guys has only just been alerted to the breach and believes that the stolen information may have been made public. “The Good Guys is extremely disappointed that My Rewards, a former services provider, has experienced this breach and we apologise for any concern that this may cause,” the statement reads.

The company has already directly contacted 325,000 Concierge loyalty program members, and a further 1.5 million Concierge members may have had their contact details impacted by the breach.

Jacqueline Jayne, Security Awareness Advocate at KnowBe4, says The Good Guys customers should update their passwords as soon as possible and be on the lookout for any suspicious activity. “While the information that was stolen does not contain payment records, any information social engineers have about potential victims can be very useful to them and a significant threat to those they may target. By using information about previous orders and perhaps knowing order patterns, a good social engineer could come up with a very convincing phishing email that could be used to redirect payments or gather more sensitive information from potential victims. Because many victims will assume an email or text message containing legitimate information about previous orders would be trustworthy, it can make it much easier for a social engineering attack to be successful.

“For customers impacted by this data breach, it’s important for them to understand that the likelihood that they will become a target of social engineers has likely increased greatly. Victims of this data loss should be very cautious when it comes to future communications and they should pay close attention to any links in messages or requests for more information.”


About the Author: Rosalea Catterson

Rosalea is the Editor of Power Retail. With a keen interest in consumer behaviour and tech, she covers everything ecommerce and hosts the Power Retail Power Talks Podcast.
