The privately owned Australian company on Friday began advising its customers about the breach, saying it had become aware “some of our customer ­information may have been compromised.’’

Dymocks says it became aware on Wednesday that an “unauthorised party may have access to some of our customers records”. However, the hackers were known to have been spruiking the stolen data in a dark web breach forum since at least Sunday.

The hackers are also claiming to have accessed the data of 1,048,575 Dymocks customers. This figure is not yet verified.

In an emailed statement to customers, Dymocks Books managing director Mark Newman said: “We are still investigating this but we wanted to be proactive and warn you that there is a chance that this has occurred.

“For now, we advise you to be vigilant and monitor your ­accounts for any unauthorised activity, and as a precaution change your password. We will update you as soon as we have more information to share.’’

Dymocks said it did not store financial information on customers, so credit card and banking details would not have been compromised. However, it said the kinds of records likely to have been breached included dates of birth, postal addresses, email addresses, mobile numbers, gender, and membership details such as gold expiry date, account status, member-created date and card ranking.

“We are sorry this has ­occurred and understand that you may have more questions,’’ the company said.

“If you have any questions, you can contact our customer support team on 1800 849 096 between 9am and 5pm AEST; and Email: help@dymocks.com.au.’’

Dymocks Books, owned by the Sydney-headquartered Dymocks Group, said it had launched an investigation with its cyber security advisers to ­assess what had happened.

“While our investigation is ongoing and at the early stages, our cybersecurity experts have found evidence of discussions regarding our customer records being available on the dark web,’’ the company said.

“At this stage it is unclear which customers may be impacted. We are letting everyone know as soon as possible because the incident may affect customer records and we are committed to being open and transparent.

“While we do not know which customers have been impacted at this stage or what has ­occurred, this notice outlines the steps we recommend all customers should consider taking to protect themselves. ’’

Mr Newman told The Weekend Australian the hackers had not sought a ransom.

Asked if data of more than a million customers had been breached, Mr Newman said the company was working through the details. He said the company was aware that some of its customers’ data was on the dark web.

The apparent breach of a giant retail data base is the latest in a long line of similar breaches in Australia, with companies including Latitude Finance, Optus and Medibank all losing the data of millions of customers to cyber criminals.

National security consultant James King said Australians should expect continued exposure in data breaches.

“They should assess how these have, and can affect, their security, including targets of domestic violence, foreign interference and financial fraud,” he said.

“The only data at risk in a data breach is that which a business retains.

“Businesses should make information deletion processes as accessible as its initial collection.”

More Coverage

Latitude hack passes 14 million as legal firms circle

Joseph Lam, Glenda Korporaal

Medibank exposed in hack also affecting EY, PwC

Joseph Lam

Russian hackers leak Crown data on web

Ellen Whinnett

Privacy watchdog’s data stolen by Russians

Ellen Whinnett

Ellen WhinnettAssociate editor

Ellen Whinnett is The Australian's associate editor. She is a dual Walkley Award-winning journalist and best-selling author, with a specific interest in national security, investigations and features. She is a former political editor and foreign correspondent who has reported from more than 35 countries across Europe, Asia and the Middle East.

@ellenwhinnett

Ellen Whinnett

More related stories

Nation

‘No apology’ after Olympic cyclist’s tragic death

The family of Olympian Melissa Hoskins have laid bare their pain and grief in an emotional court hearing, claiming her cyclist husband has never apologised.

Read more

Politics

Why Anthony Albanese and Tanya Plibersek are ghosting each other

Plibersek and the PM share a long history of conflicting leadership ambitions and fortunes. Her now celebrated blow away kiss at Labor’s campaign launch betrays deeper feelings and risks political damage.

Read more