Bookstore chain Dymocks Booksellers is informing hundreds of thousands of individuals that their personal information might have been stolen in a data breach last week.
The Australian company, which has more than 60 brick-and-mortar stores and an online bookstore, says that it identified the unauthorized access to customer records on September 6, and that it immediately launched an investigation into the incident.
“While our investigation is ongoing and at the early stages, our cybersecurity experts have found evidence of discussions regarding our customer records being available on the dark web,” Dymocks says in a customer notice.
The bookstore chain discovered the data breach after being alerted by a third party and has yet to determine whether the data was stolen from its network or from any third-party provider processing data on its behalf.
“At the moment initial scans of our systems show no sign of penetration and we are working with our third-party partners to understand whether the breach could have occurred in their systems,” the company says.
The investigation, however, determined that the stolen information might have involved names, addresses, birth dates, gender, email addresses, and membership details for Booklovers (Dymocks loyalty program).
Dymocks says that the compromised customer records do not contain customer financial information, as it does not hold or store such data. The company has found no evidence that Booklovers passwords might have been compromised.
The company notes that it has yet to determine which customers might have been affected, as well as the exact number of impacted individuals.
According to data breach notification service Have I Been Pwned, the attackers stole roughly 1.2 million Dymocks records, which contained more than 800,000 unique email addresses, which could indicate the number of affected customers.
The data breach, Have I Been Pwned says, occurred in June 2023, and exposed customer phone numbers as well, along with the information Dymocks has confirmed as being compromised.
Dymocks recommends that its customers change their Booklovers passwords and passwords for other online accounts. The company also warns that the stolen personal information might be used to commit fraud and other types of attacks.