Vinomofo admits to a major data breach


Vinomofo has admitted to a data breach where the personal information of customers has been stolen.

The online wine retailer sent customers an email about the breach on Monday evening. It revealed that some of the details that may have been stolen include customers’ names, gender, dates of birth, addresses, email addresses and phone numbers.

However, Vinomofo said no financial information was taken in the breach. Vinomofo account passwords are also apparently safe, so in theory no one can look at your order history.

“Vinomofo does not hold identity or financial data such as passports, drivers’ licences or credit cards/bank details,” the company said.

According to the retailer, the customer information was accessed from a testing platform. While it is not connected to the live Vinomofo website, it did contain real information.

“Our investigation established that customers’ and members’ information on our database on this testing platform was unlawfully accessed by a third party,” Vinomofo said in a statement.

“However, our cyber security and forensic specialists have assessed that the risk to our customers and members by this information being accessed is low.”

It’s currently unclear when the incident occurred or how many customers were impacted. SmartCompany has contacted Vinomofo for comment and clarity.

Vinomofo said it has reported the incident to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC). It also said it is now working with cyber security experts, such as IDCARE, to investigate the breach as well as strengthen its security systems.

The customer email goes on to provide customers with information on how to avoid potential scams off the back of the breach, such as fake emails and texts. It also recommends that customers change their Vinomofo account passwords as an extra precaution, despite passwords not being part of the breach.

Major data breaches seem to be on the rise

This is just the latest in a string of data breaches across the country in recent weeks. Optus kicked things off with one of the biggest data breaches in Australian history, which affected customers’ personal and identifying information, including passports and driver’s licences.

This was swiftly followed by breaches across Telstra, Woolworths and Medibank, sparking fresh conversations around how customer data is stored by Australian companies, as well as people’s right over their data. It has also resulted in Attorney-General Mark Dreyfus calling for “urgent reforms” to the Privacy Act.

Under the Notifiable Data Breaches scheme, an Australian company must disclose a data breach if it’s likely to cause “serious harm”. This can include identity theft, impact to credit reports, fraud, physical and psychological harm or impact to reputation.

The story was originally published on Smart Company.
