Dymocks has warned customers to “be vigilant” and monitor their accounts after the book store chain was hit by a security breach this week.
In an email to customers, Dymocks said they had “become aware that some of our customer information may have been compromised”.
Dymocks said it was made aware of the breach on September 6 and that an investigation was underway, though early findings painted a grim picture.
“While our investigation is ongoing and at the early stages, our cybersecurity experts have found evidence of discussions regarding our customer records being available on the dark web,” the email said.
“At this stage it is unclear which customers may be impacted. We are letting everyone know as soon as possible because the incident may affect customer records and we are committed to being open and transparent.”
The chain said in its email to customers while no financial information is stored, customer data including date of birth, postal and email addresses, mobile numbers and gender may have been accessed and shared on the dark web.
In a statement to NCA NewsWire, Dymocks said it believed no passwords or financial information had been compromised.
Dymocks is now working with a global cyber security company to trace the source of the incident, extent of exposure and to determine exactly what data had been affected.
Anyone whose personal details have been exposed in the breach will be notified, as will the Office of the Australian Information Commissioner at the completion of the investigation.
“We are deeply sorry that this has occurred. Dymocks takes any potential threat to customer data very seriously,” Mark Newman, Managing Director for Dymocks Books said.
“We would like to assure our valued customers that their privacy and security are our top priorities.”