One of Australia’s leading retailers of consumer electronics, digiDirect, is allegedly facing theft of data belonging to over 300k customers from a cybersecurity breach.
On Sunday, a threat actor using the alias “Tanaka” posted on the dark web, saying the e-tailer had been breached and that they had data belonging to 304,000 customers. Tanaka also added a sample of the stolen data in the post for confirmation.
In their post, Tanaka attributed the attack to another threat actor “Chucky”, a hacker recently attributed to an ongoing Dell data breach. “very thanks to Chucky,” Tanaka wrote in the post.
Sensitive customer data compromised
In the BreachForum post, the threat actor claimed stolen data consists of customers’ sensitive personal information, including full names, email addresses, phone numbers, company details, zip codes, street addresses, country and state information, and date of birth.
Additionally, the post added, sensitive billing details including billing and shipping address, billing “first” and “last” names, and the AIPP verification status, were also a part of the dump.
Victims of such personal information theft can face cyber threats including identity theft, phishing, targeted spear phishing, and account takeover (ATO) attacks. Compromised billing details can be used in fraudulent purchases, synthetic identity thefts, and shipping frauds.
digiDirect has yet to respond to these allegations.
Cybercrime in Australia
Australia has had quite a busy year in terms of breaches and attacks. Among the widely reported are the TicketMaster breach, MediSecure ransomware attack, and Nissan Oceania hack.
On Monday, a threat actor using the alias “0xy0um0m” claimed hacking the Australian non-banking, financial services provider, Fifo Capital, alleging a 60GB dump consisting of mailing, invoice, and profile data of customers.
In other big events, the Australian Federal Police (AFP) dismantled a global criminal platform, Ghost, and charged an Australian-based person of being an alleged mastermind and administrator of the App.
