Australia’s furniture retailer Early Settler confirmed it was the victim of a data breach that exposed sensitive customer information. The company acknowledged claims that a third party had accessed customer names, email addresses, phone numbers, delivery addresses, and, in some instances, dates of birth. According to Early Settler, approximately 1.1 million customers may have been affected by this breach, which includes data from an archived database dating back to July 2022. Importantly, the company noted that payment information, such as credit or bank card details, was not compromised.
The threat actor, known as ‘Worry,’ made the breach public by posting the details on a hacking forum, offering the stolen data for sale for USD 2,000. A sample of the leaked data revealed that many fields were empty, although some email addresses were unique to this specific breach. Cybersecurity experts emphasized that this incident serves as a reminder of the evolving landscape of cyber threats. According to Peter Maloney, CEO of AUCyber, businesses must recognize the risks associated with both current and historical data, as archived data is often overlooked in terms of security.
Maloney further highlighted the commercial nature of cybercrime today, pointing out that stolen data is frequently commoditized and traded on underground markets. This incident exemplifies the growing sophistication of cyber threats, making it imperative for organizations to bolster their defensive measures and stay vigilant against new attack vectors. He urged businesses to focus on building resilient systems capable of quickly adapting to emerging threats in order to mitigate potential damage.
In response to the breach, Early Settler is treating the situation as a priority by investigating the incident and reviewing its security systems. The company has begun notifying affected customers and has also informed relevant authorities, including the Office of the Australian Information Commissioner and the Australian Cyber Security Centre. By taking these steps, Early Settler aims to address the breach effectively and enhance its security posture to prevent future incidents.
Reference: