Online wine-selling company Vinomofo has recently experienced a major data breach. The data breach that affected more than 600,000 of its customers worldwide, could potentially be a threat to customers' personal data, compromising their information including name, gender, date of birth, email address, and phone numbers.
As per the initial investigation of the security incident, the customer’s personal data that was accessed by an “unauthorised third party” was stolen via a testing platform. The testing platform was not linked to Vinomofo’s live website, the company stated.
“Vinomofo experienced a cybersecurity incident where an unauthorised third party unlawfully accessed our database on a testing platform that is not linked to our live Vinomofo website,” the chief executive, Paul Edginton, stated in the emails directed to the customers.
Vinomofo later confirms that the risk to its customers was “low” since other customer information such as passports, financial information, credit card details, and driver’s licenses were not accessed.
“Vinomofo does not hold identity or financial data such as passports, driver’s licences or credit cards/bank details. While no passwords, identity documents or financial information were accessed, the database includes other information about customers and members.” Edington added.
Reportedly, the company detected signs of the breach on September 27, and upon learning of the signs, the company collaborated with a cybersecurity firm as a preventive measure and alerted the government.
However, the notifications were sent out to the customers only after the investigation “established unlawful access of a Vinomofo database did occur”, says the company spokesperson.
On being asked by an anonymous customer about when the breach occurred and exactly which data has been stolen, the company’s spokesperson said no further information would be released.
“In the interests of the privacy of our customers and partners, and to reduce the risk of attempts by scammers to target them, we are not publicly releasing any further details about the incident,” he further added.
Vinomofo has reportedly informed the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commission (OAIC) about the incident.
It added that it is currently collaborating with cyber security experts like IDCARE to look into the issue and reinforce its security system.
Vinomofo has now been contacting customers via emails after the data breach was confirmed, in order to alert them of the increased scam activities.
The emails provide customers with information explaining how to avoid potential scams and data breach that targets victims via fake emails and text messages. As an additional precautionary measure, the company has also recommended users change their Vinomofo account passwords regardless of whether they have been a part of the breach.
