NewsBite

Hardware chain Total Tools suffers major data breach after cyber attack

Nearly 40,000 Aussie tradies have been put at risk after a popular hardware chain suffered a major data leak.

‘Almost every day’ data breaches are happening in Australia

Hardware store chain Total Tools was the target of a terrifying data leak that is believed to have affected more than 38,000 tradies.

Credit card numbers, emails, postal addresses and other important log-in details have been compromised.

The devastating leak is believed to have been at the hands of professional cyber hackers, with Total Tools’ parent company Metcash discovering the issue earlier this week.

Total Tools has been targeted in the attack. Picture: Supplied

The company has contacted its customers to inform them about the data leak, along with some recommendations on how to keep their sensitive information safe.

Total Tools chief executive Richard Murray confirmed the incident on Thursday but said he believed the cause of the data leak had since been fixed.

“The cyber incident has illegally compromised certain personal information, however Total Tools is confident that the cause of this incident has been removed from its website,” Mr Murray told The Australian.

“The data that has been illegally compromised includes customer name, email address, Total Tools password, mobile number, shipping address, and credit card details of customers who shopped or registered on our website recently.”

Total Tools sent out an email to customers. Picture: Reddit

He vowed that the company would continue to work with a forensic and cybersecurity expert on the matter.

“Total Tools’ communications to impacted customers recommended precautions they can take to lower the risk of their information being potentially misused,” he added.

“In addition to contacting impacted customers, Total Tools has also implemented several additional cybersecurity measures to minimise the likelihood of this occurring again.”

He said the company was dedicated to “supporting customers throughout the process” and hoped this would allow its customers to “shop with confidence” again at the chain.

Total Tools executive Richard Murray confirmed the cause of the breach had been fixed. Picture: Aaron Francis/The Australian

Total Tools’ website was temporarily shut down on Thursday due to an error updating prices on the website; the shutdown is not believed to be related to the cyber attack.

Australia has experienced its highest number of data breaches in almost four years, according to a new report released just days ago.

In the six months to June 2024, there was a nine per cent spike in breaches reported to the Office of the Australian Information Commissioner (OAIC), which stated that it felt current safety and security measures were not good enough.

There were 527 data breaches between January and June this year, the Notifiable Data Breaches Report found, and the OAIC said: “This is the highest number of notifications since July to December 2020.”

Many Australians have been targeted in data breaches in recent years. Picture: iStock

Total Tools is just the latest Australian business to have been targeted in a cyber attack.

In late 2022, publicly-listed health insurer Medibank’s market value collapsed by $1.7bn as hackers linked to an online Russian criminal forum threatened to expose the health records and other sensitive information of millions of Australians.

The cyber attack compromised the records of 10 million customers and ended up costing Medibank more than $30m. Regulator APRA forced the insurer to set aside a capital adequacy requirement of $250m after IT “weaknesses” were identified.

Optus was another high-profile victim of a data leak and was later hit with legal action from the Australian Communications and Media Authority, which argued the carrier breached the Telecommunications (Interception and Access) Act 1979.

It was later reported in The Australian that the data breach cost Optus as much as $140m.

Just this year, around half of the population was impacted by a data breach at MediSecure, a healthcare information service that provides electronic prescriptions and a prescription monitoring service.

Originally published as Hardware chain Total Tools suffers major data breach after cyber attack

Original URL: https://www.thechronicle.com.au/business/companies/hardware-chain-total-tools-suffers-major-data-breach-after-cyber-attack/news-story/0357de37f59744adda85352223ee1830