Dymocks investigating possible unauthorised access to customer records
Cybersecurity analysts say they have confirmed “threat actors” are attempting to sell customer records from Australian book retailer Dymocks on the “deep and dark web”.
Central Sydney
Don't miss out on the headlines from Central Sydney. Followed categories will be added to My News.
Cybersecurity analysts say they have confirmed “threat actors” are attempting to sell customer records from Australian book retailer Dymocks on the dark web.
Australian book retailer Dymocks has been investigating the possibility its customer records have landed on the dark web after an “unauthorised party” potentially accessed them.
Dymocks sent an email to its membership base on September 8 reporting an incident which may have occurred on September 6.
“On September 6, Dymocks became aware that an unauthorised party may have access to some of our customer records,” the email reads.
“As soon as we became aware of the incident we, together with our cybersecurity advisers, launched an investigation to assess what happened.”
Flashpoint senior intelligence analyst Ben Gestier said his team had confirmed details from the recent Dymocks data breach were being “transacted on the deep and dark web”.
“Over a period of 48 hours since the breach, analysts have identified up to 20 interactions of varying degrees by threat actors attempting to sell the details,” Mr Gestier said.
“Further investigations have also highlighted the likelihood of the CSV dataset being downloaded by multiple threat elements. We are continuing to monitor the situation.”
At the time, Dymocks said “cybersecurity experts have found evidence of discussions regarding our customer records being available on the dark web”.
The business said it was currently unclear which customers might be impacted.
“We are letting everyone know as soon as possible because the incident may affect customer records and we are committed to being open and transparent,” the email states.
The book retailer said customer records may include information such as birth dates, postal addresses, email addresses, mobile numbers, genders, and Dymocks membership details.
Customer financial information was not held by the business and Dymocks said this would not be in any potentially stolen customer data.
Customers were advised to change passwords and monitor for suspicious bank activity or phishing scams via post, phone or email.
More to come.
‘Beyond reasonable’: Top private school in $1m tussle with council
An elite Sydney private school has hit out at a council’s ‘unreasonable’ and costly demand that it pay for nearby street upgrades before it is allowed to begin accepting female students.
Read more
Bella Nipotina wins the 2024 TAB Everest
Bella Nipotina has triumphed in the 2024 TAB Everest before a huge crowd at Royal Randwick. LATEST TIPS, RESULTS
Read more