Experts are urging tradies to ‘play it safe’ online after thousands of hardware store customers had their data stolen by cyber hackers.
Last week’s cyber attack on the national hardware store chain Total Tools resulted in 40,000 tradies’ private data stolen after professional hackers breached the servers of their parent company Metacash.
Confirming the incident in an email to customers last Thursday, CEO Richard Murray said that bandwidth bandits have made off with a bunch of highly sensitive information linked to Total Tools accounts, including credit card numbers and even shipping addresses.
“The data that has been illegally compromised includes customer name, email address, Total Tools password, mobile number, shipping address, and credit card details of customers who shopped or registered on our website recently,” Murray told The Australian.
But, while the group claims to have plugged up the leak and is working alongside cyber security experts to sure up their website’s defences, experts warn that the digital danger is far from over.
Speaking to Build-it, online safety specialist Jacqueline Jayne said cyber hacks were a daily occurrence in 2024, and most Aussie businesses aren’t equipped to protect themselves.
“According to the Office of the Australian Information Commissioner (OAIC) there were 527 data breaches between January and June this year. The highest number of notifications since July to December 2020,” she told Build-it.
“Cybercriminals are very sophisticated with their methods and many organisations are not protected enough when it comes to cyber attacks like this.
“While there is not yet information about the cause of this data breach (Total Tools hack), it is a well-known fact that between 80 per cent and 90 per cent of successful cyber attacks are the result of human error.”
And Jayne isn’t just talking about the smaller mum-and-pop operations in charge of your local lumber yard. Cyber attacks on big names like Optus and MediSecure have dominated headlines in recent years, with the latter leaving 12.9 million Aussies having their personal data stolen by hackers in June.
What can you do if your data is leaked?
But all hope isn’t lost if you do find hackers getting a hold of your digital details. In the case of the Total Tools breach, Jayne said there were a number of simple tweaks tradies could make to protect their other accounts.
“We all need to accept that most of our basic information is already available online such as first name, last name, addresses, phone numbers, credit card numbers, email addresses and even password,” she told Build-it.
“In the Total Tools breach, the most important action customers need to take is to change their password immediately. Do not reuse a password. Create a unique new password.
“If you used your Total Tools password for any other accounts, change those passwords immediately.
“If CVV number on the reverse of any stored credit cards WERE NOT part of the breach, customers still need to be mindful of suspicious activity (if concerned, lock or cancel the card).
“If the CVV number WAS part of the data breach then that card needs to be cancelled immediately.”
She also warned tradies to be on the lookout for fraudulent emails, sms and phone calls heading their way as hackers attempt to get a hold of more personal information or demanding further payment.
How to protect yourself from hackers
While changing your passwords and cancelling your card can help keep the hackers at bay, the CEO of digital content management group Aristotle Metadata, Samuel Spencer, said that careful prevention would always be the best digital defence.
Be it dealing with online tool stores or handing your email out to your local coffee shop, Spencer encouraged tradies to think about the consequences of giving over your details.
“Question why you need to give it up. Making an account often requires a name and date of birth which are valuable for hackers,” he told Build-it.
“Also consider, ‘Do I trust this organisation can keep my data safe’. Data protection in 2024 is complex. Your bank is probably well-equipped to protect your data, but the local coffee shop may not be.
“Lastly, ask, what is the value of the data give up and the cost for you to replace it. A five per cent discount on coffee probably isn’t worth the cost of replacing your licence or credit card if those are hacked down the line.”
When you do find yourself busting out the credit card to buy a full socket set off of Temu (yes, that’s a real thing), Jayne said the most important thing tradies could do was to use payment and password software to keep their details confidential.
“For secure passwords, get yourself a password manager and implement two-factor authentication on everything,” she told Build-it.
“For secure payment, I recommend using a third-party payment app (PayPay, Google Pay, etc.) rather than storing or using credit cards for online shopping.
“If using a credit card is preferred, please make sure you get an ‘online shopping credit card’ specific for this use with a minimal limit on it. Preferably one that is from a separate bank from where you do most of your banking or not linked to anything else.
“This way, if these credit cards are part of a breach, the damage is limited and you can get back to your trade.”
As a general rule, Jayne said the more security hoops you have to jump through to purchase something, the safer your data is from potential hacks.
“Just like your favourite tools and gadgets, you more than likely make sure they are out of view and locked away to decrease the chance of them being stolen,” she told Build-it.
“The same applies for online protection. Using a password manager, 2FA and a third party payment app will take you longer to do things and it will annoy you.
“However, by implementing these three things, you will have more peace of mind when it comes to your online safety.”