Share this article on:
Australian hardware and tool chain Total Tools has disclosed that a data leak has potentially exposed the data of 38,000 of its customers.
The company is currently investigating the matter, which it first discovered when it detected suspicious activity on its systems.
Initial investigations by a third-party cyber forensics team suggest that the data of 38,000 customers was compromised.
Data reportedly includes names, log-on details, email addresses and credit card information.
According to media reports, investigations into the nature and size of the incident are still ongoing.
Responding to Cyber Daily’s request, Total Tools forwarded a statement by company CEO Richard Murray, which, in addition to the above information, has warned customers to take precautions following the breach.
“Total Tools’ communications to impacted customers recommended precautions they take to lower the risk of their information being potentially misused,” said Murray.
“In addition to contacting impacted customers, Total Tools has also implemented several additional cyber security measures to minimise the likelihood of this occurring again. Total Tools has also informed the Australian Cyber Security Centre and Office of the Australian Information Commissioner.
“As always, the safety of our customers and team members remains our number one priority. We are dedicated to supporting all impacted customers throughout this process and ensuring they can continue to shop in-store and online at Total Tools with confidence. We will update customers if any further relevant information becomes available.”
Just over two years ago, rival Australian hardware and tool seller Bunnings Warehouse revealed some personal information of customers using contactless pick-up may have been stolen in a data security breach.
In December of 2021, third-party software firm FlexBooker suffered a cyber security breach that led to the information of 3.7 million customers being exposed, and as a result, Bunnings was forced to warn its customers of the incident.
The compromised information may have included customers’ names and email addresses, which were provided when they selected a timeslot for a drive and collect order.
Although Bunnings is adamant that no sensitive information was lost in the attack, incidents like these can lead to significant reputational damage.
The Council of Small Business Organisations Australia's CyberWardens program said in the wake of the attack leak tradies should be on the lookout for scams.
“It is critical for tradespeople and anyone in the construction industry with online hardware business accounts to be on heightened alert for suspicious activity in the coming hours, days and weeks, as cyber-criminals try to use the stolen data for nefarious purposes,” Luke Achterstraat, COSBOA's CEO, said in a statement.
“We are warning businesses to be aware of scams and secondary attacks and take steps to secure your sensitive data, finances and client information.”
UPDATED 20/09/24 to add COSBOA commentary.