In an email to customers, the company emphasized that the breach occurred on a testing platform that is not linked to its live website. The leaked information includes names, gender, dates of birth, addresses, email addresses, and phone numbers. Vinomofo said it is working with private and public “cyber security and forensic specialists” to investigate the incident, and the risk to customers is low. “Vinomofo does not hold identity or financial data such as passports, driver’s licenses or credit cards/bank details,” the company explained. Vinomofo has reported the incident to the relevant Australian cybersecurity and privacy authorities. Meanwhile, the company has refused to reveal the exact number of people affected by the breach. “In the interests of the privacy of our customers and partners, and to reduce the risk of attempts by scammers to target them, we are not publicly releasing details about or the total number of customers included in the incident,” Vinomofo said on its website. The company noted that the breach did not expose the data of its customers in Singapore and New Zealand.

Data Leaked on Testing Platform

Vinomofo said it is working on a “significant upgrade” to its website. The company imported a database with customer data to a testing platform to assess its performance. It was while the data was on this testing platform that the breach occurred. “Vinomofo has taken immediate steps to further secure our IT environment and bolster our technology systems to help prevent similar incidents happening again,” the company said. A company spokesperson said Vinomofo discovered signs of a breach on September 27. Consequently, it hired cybersecurity experts to investigate the incident and notified the Australian government. Vinomofo said it waited to confirm that there was unlawful access before informing customers. The company has urged customers to be on high alert for potential email, SMS, or telephone phishing scams. If you believe your data may have been exposed in this breach, you can contact IDCARE for more information and support. Head to the IDCARE website or reach them at 1800-595-160 and provide the reference VMF22. You can also put in a request for Vinomofo to delete your data from its database via privacy@vinomofo.com.

A String of Breaches

Vinomofo joins a growing list of Australian companies that hackers have targeted in recent weeks. Last month, telecom giant Optus was the victim of a major cyberattack that exposed the data of over two million people. This month, IT services company Dialog Group, medical insurance provider Medibank, and online retailer MyDeal have reported data breaches. Australian authorities have taken a stern view of the alarming rise in cyberattacks. The government is scrutinizing these incidents. Authorities are deliberating measures to minimize the fallout of data breaches on customers and hold companies more accountable. Australia’s regulatory authorities will carry out investigations into the Optus breach to determine whether the company took reasonable measures to protect customer data. Optus could potentially face a 2.2 million AUD fine for each privacy violation.  

Australian Online Wine Seller Vinomofo Suffers Data Breach - 13Australian Online Wine Seller Vinomofo Suffers Data Breach - 24Australian Online Wine Seller Vinomofo Suffers Data Breach - 96Australian Online Wine Seller Vinomofo Suffers Data Breach - 70