Vinomofo, MyDeal Cybersecurity saga continues as data reportedly sold

Cybersecurity, having long been a topic of more urgency than many were willing to realise, has been thrust into the spotlight in Australia over the last few weeks. Beginning with the serious data breach suffered by telecommunications giant Optus, the last week has seen online retailers MyDeal and Vinomofo suffering similar data breaches, with private health insurance provider Medibank the latest victim of such a cyber attack.

Even days removed from the announcement of their suffering the data breaches, the saga for both MyDeal and Vinomofo remains ongoing. In the case of both, hackers purporting to be responsible for the attacks have individually suggested the exposed data from each has now been sold, with concerns the data exposed in the Vinomofo breach may have been sold on a Russian cybercrime forum.

More bad news: Aussie wine retailer @vinomofo‘s data appeared for sale yesterday on a Russian-language cybercrime forum. The advert says the data has now been sold. It says the database has 700,000 users and is 17 GB. Analysis to come. #auspol #infosec pic.twitter.com/Vkr2kBoGpT

— Jeremy Kirk (@Jeremy_Kirk) October 20, 2022

Vinomofo, particularly, are also under fire for their responses to the breach, refusing to release any further details about the breach itself “in the interests of the privacy of our customers and partners”. Criticisms of Vinomofo’s housing of customer data on a separate test environment, exposing it to greater risk of foreign access, have also fallen on deaf ears with the online retailers as it dismisses such a decision as “industry practice”.

Still, the revelation of the details of the data breach suffered by private health insurance providers Medibank may well draw attention away from Vinomofo’s questionable response, as the company announced today that 200 gigabytes of data had been stolen from the company in a cyber attack – including the names, addresses, phone numbers and Medicare numbers of customers.

“The criminal claims to have stolen other information, including data related to credit card security, which has not yet been verified by our investigations,” Medibank also said via statement.

“I unreservedly apologise for this crime which has been perpetrated against our customers, our people, and the broader community,” Medibank CEO David Koczkar also said via statement, “We will learn from this incident and will share our learnings with others. Medibank will remain open and transparent and will continue to provide comprehensive updates as often as we can and need to.”

The high profile cyber attacks in Australia within the last month have driven home to many retailers a renewed respect for the importance of enhanced cybersecurity, with experts warning that remaining proactive and implementing strategies in this area should be of immediate concern for brands and businesses of all descriptions – particularly in retail, where instances of cybercrime continue to rise.

The e-commerce landscape is changing. With a Power Retail Switched On membership, you get access to current e-commerce revenue and forecasting, traffic levels, average conversion rate, payment preferences and more!