A major hack of Aussie hardware chain Total Tools has seen thousands of tradies’ credit card numbers, email addresses and log-in details leaked online last week.
Almost 40,000 devastated customers woke up to an email last Thursday from the company notifying them that cyber hackers had got their hands on the information during another hack of their parent company Metcash a few days prior.
After finding an issue in the website, the company, which has 120 stores nationwide, claimed they had identified “suspicious activity” on their digital storefront.
Total Tools chief executive Richard Murray confirmed the incident on Thursday but said he believed the cause of the data leak had since been fixed.
“The cyber incident has illegally compromised certain personal information, however Total Tools is confident that the cause of this incident has been removed from its website,” Murray told The Australian.
“The data that has been illegally compromised includes customer name, email address, Total Tools password, mobile number, shipping address, and credit card details of customers who shopped or registered on our website recently.”
Despite the problem supposedly being solved, Murray said the company was working alongside forensic and cybersecurity experts to bolster their online defences.
“Total Tools’ communications to impacted customers recommended precautions they can take to lower the risk of their information being potentially misused,” he added.
“In addition to contacting impacted customers, Total Tools has also implemented several additional cybersecurity measures to minimise the likelihood of this occurring again.”
Murray finished by saying Total Tools was dedicated to supporting “customers throughout the process” to allow their customers to “shop with confidence” both online and in store.
The website was taken down after news of the hack reached customers, but the company claimed it was due to an unrelated fix for incorrectly displaying prices.
This latest hack comes only days after a new report revealed Australia has experienced its highest number of data breaches in almost four years.
According to figures from the Office of the Australian Information Commissioner (OAIC), there were 527 data breaches in the first six months of this year, a nine per cent increase over last year’s numbers.
The report concluded that the current safety and security measures simply weren’t good enough, with this year seeing “the highest number of notifications since July to December 2020”.