Connect with us

Hi, what are you looking for?


Data Breaches

Bookstore Chain Dymocks Discloses Data Breach Possibly Impacting 800k Customers

The personal information of more than 800,000 individuals was stolen from bookstore chain Dymocks in a cyberattack last week.

Bookstore chain Dymocks Booksellers is informing hundreds of thousands of individuals that their personal information might have been stolen in a data breach last week.

The Australian company, which has more than 60 brick-and-mortar stores and an online bookstore, says that it identified the unauthorized access to customer records on September 6, and that it immediately launched an investigation into the incident.

“While our investigation is ongoing and at the early stages, our cybersecurity experts have found evidence of discussions regarding our customer records being available on the dark web,” Dymocks says in a customer notice.

The bookstore chain discovered the data breach after being alerted by a third party and has yet to determine whether the data was stolen from its network or from any third-party provider processing data on its behalf.

“At the moment initial scans of our systems show no sign of penetration and we are working with our third-party partners to understand whether the breach could have occurred in their systems,” the company says.

The investigation, however, determined that the stolen information might have involved names, addresses, birth dates, gender, email addresses, and membership details for Booklovers (Dymocks loyalty program).

Dymocks says that the compromised customer records do not contain customer financial information, as it does not hold or store such data. The company has found no evidence that Booklovers passwords might have been compromised.

Advertisement. Scroll to continue reading.

The company notes that it has yet to determine which customers might have been affected, as well as the exact number of impacted individuals.

According to data breach notification service Have I Been Pwned, the attackers stole roughly 1.2 million Dymocks records, which contained more than 800,000 unique email addresses, which could indicate the number of affected customers.

The data breach, Have I Been Pwned says, occurred in June 2023, and exposed customer phone numbers as well, along with the information Dymocks has confirmed as being compromised.

Dymocks recommends that its customers change their Booklovers passwords and passwords for other online accounts. The company also warns that the stolen personal information might be used to commit fraud and other types of attacks.

Related: IBM Discloses Data Breach Impacting Janssen Healthcare Platform

Related: 7 Million Users Possibly Impacted by Freecycle Data Breach

Related: Sourcegraph Discloses Data Breach Following Access Token Leak

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.