Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

38k Total Tools shoppers compromised in data leak

Australian hardware and tool chain Total Tools has disclosed that a data leak has potentially exposed the data of 38,000 of its customers.

user icon Daniel Croft
Thu, 19 Sep 2024
38,000 Total Tools shoppers compromised in data leak
expand image

The company is currently investigating the matter, which it first discovered when it detected suspicious activity on its systems.

Initial investigations by a third-party cyber forensics team suggest that the data of 38,000 customers was compromised.

Data reportedly includes names, log-on details, email addresses and credit card information.

============
============

According to media reports, investigations into the nature and size of the incident are still ongoing.

Responding to Cyber Daily’s request, Total Tools forwarded a statement by company CEO Richard Murray, which, in addition to the above information, has warned customers to take precautions following the breach.

“Total Tools’ communications to impacted customers recommended precautions they take to lower the risk of their information being potentially misused,” said Murray.

“In addition to contacting impacted customers, Total Tools has also implemented several additional cyber security measures to minimise the likelihood of this occurring again. Total Tools has also informed the Australian Cyber Security Centre and Office of the Australian Information Commissioner.

“As always, the safety of our customers and team members remains our number one priority. We are dedicated to supporting all impacted customers throughout this process and ensuring they can continue to shop in-store and online at Total Tools with confidence. We will update customers if any further relevant information becomes available.”

Just over two years ago, rival Australian hardware and tool seller Bunnings Warehouse revealed some personal information of customers using contactless pick-up may have been stolen in a data security breach.

In December of 2021, third-party software firm FlexBooker suffered a cyber security breach that led to the information of 3.7 million customers being exposed, and as a result, Bunnings was forced to warn its customers of the incident.

The compromised information may have included customers’ names and email addresses, which were provided when they selected a timeslot for a drive and collect order.

Although Bunnings is adamant that no sensitive information was lost in the attack, incidents like these can lead to significant reputational damage.

The Council of Small Business Organisations Australia's CyberWardens program said in the wake of the attack leak tradies should be on the lookout for scams.

“It is critical for tradespeople and anyone in the construction industry with online hardware business accounts to be on heightened alert for suspicious activity in the coming hours, days and weeks, as cyber-criminals try to use the stolen data for nefarious purposes,” Luke Achterstraat, COSBOA's CEO, said in a statement.

“We are warning businesses to be aware of scams and secondary attacks and take steps to secure your sensitive data, finances and client information.”


UPDATED 20/09/24 to add COSBOA commentary.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.