The Good Guys has reached out to 1.85 million members of its Concierge loyalty program advising them of a data breach via a former third-party partner, Pegasus Group, now known as My Rewards.
An unauthorised user gained access to the My Rewards database back in August 2021, accessing information about Concierge members such as the encrypted password and in some cases their date of birth.
“My Rewards has confirmed that no personal identity documents or financial information such as driver’s licence, passport or credit card data are involved in the breach,” The Good Guys said in a statement, adding that its own IT systems were not involved in the breach.
A My Rewards spokesperson said that while the company believes no serious harm has been caused by the breach, it is very concerned with the unauthorised access to the information and is working closely with Federal Government authorities to minimise the impact of the breach.
The Good Guys said the incident impacted 325,000 Concierge members who had set up a My Rewards account and it was also contacting a further 1.5 million Concierge members whose contact details may have been impacted.
“The Good Guys no longer uses My Rewards to provide member benefits. My Rewards accounts linked to Concierge member benefits have been closed and My Rewards no longer holds any personal information of Concierge members,” the company said.
MD Biag Capasso apologised to customers. “The Good Guys takes the matter of privacy and data security very seriously. It is extremely disappointing that My Rewards, a former services provider, has experienced this breach.
“While we understand that no personal identity documents or financial information such as driver’s licence, passport or credit card data is involved, we have notified the OAIC of the incident and we are contacting all those affected.”