Online wine reseller Vinomofo has experienced a cyber security incident that could compromise identifying information, such as names, genders, dates of birth, email addresses and phone numbers, of more than 600,000 customers worldwide.
The security incident involved an “unauthorised third party” gaining access to the company’s database through a testing platform that is not linked to the live website.
Vinomofo's initial investigations have established that no passwords, identity documents or financial information were accessed, with the investigators categorising the risk to customers as “low”.
Financial data not compromised
In an email to its customers, Vinomofo CEO Paul Edginton said: “Vinomofo experienced a cybersecurity incident where an unauthorised third party unlawfully accessed our database on a testing platform that is not linked to our live Vinomofo website.
“Vinomofo does not hold identity or financial data such as passports, driver’s licences or credit cards/bank details.
“While no passwords, identity documents or financial information were accessed, the database includes other information about customers and members.”
Data breach at @vinomofo. “an unauthorised third party unlawfully accessed our database on a testing platform”
“information about you that was contained in the database that may have been accessed may include name, gender, dob, address, email address and phone number”
— Troy Hunt (@troyhunt) October 17, 2022
What next?
The company has decided not to publicly release details about the total number of customers included in the incident.
However, customers who are affected by the incident will be contacted directly by Vinomofo in writing via email with further information and guidance on the precautionary steps that they can take to protect their information and privacy.
The matter has been reported to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC).
Vinomofo has warned its customers to remain alert to scam activity after the hack.