A former third-party supplier breach resulted in the customer data of Australia’s retail giant, The Good Guys, being compromised by hackers. The third-party supplier in question was ‘My Rewards,’ formerly Pegasus Group Australia, which provides purchase rewards and benefits for the retail giant’s Concierge members.
The breach was verified by My Rewards’ management, explaining that unauthorised access to its systems last August 2021 had resulted in the data leak. In the statement, the company said to work with relevant authorities, including the Australian Federal Police, to help mitigate the incident.
Some exposed data from The Good Guys customers included full names, email addresses, birthdates, and contact details. Analysts deem the number of Concierge members involved in the hack could reach up to 1.5 million.
However, the retail giant’s IT systems were positive for not being involved in the breach. The company also assured that the exposure does not include customers’ financial or identification documents, such as passports, credit cards, and driver’s licenses.
The Good Guys retailer had cut ties with My Rewards long before the security breach.
The Australian retail giant discloses that they had closed all customer accounts linked to the Concierge benefits programme of My Rewards. The benefits supplier is not holding the retailer giant’s present customers’ data.
The Good Guys also expressed their disappointment towards My Rewards and has apologised to customers for the inconvenience the incident has caused. About 325,000 customers had been directly notified about the breach.
Security experts strongly advise the retailer’s affected customers to closely monitor their online accounts for suspected attempts of cyberattacks from threat actors. Despite the incident not involving financial data, hackers could still utilise customers’ information, such as names, email addresses, and contact details, for other cybercriminal activities that could potentially result in damages.
Separate researchers also stressed the negative impacts of data breach incidents related to companies’ third-party vendors. In a recent study, 97% of organisations within the Asia-Pacific region had been affected by supply chain security incidents, with nearly 40% would not know if their third-party vendor is exposed to a vulnerability.
For organisations to avoid supply chain security incidents, experts recommend thoroughly evaluating all third-party vendors they are employing to ensure data safety from any compromise.
