Dymocks bookstore says cybercrooks stole personal data of over 800,000 customers

Dymocks Booksellers, a chain that operates stores in Australia, New Zealand and Hong Kong, has disclosed a data breach that led to the exposure of personally identifiable information (PII) belonging to over 800,000 customers.

“On 6 September 2023, we became aware that an unauthorized party may have access to our customer records (Incident),” Dymocks’ security notice reads.  “As soon as we became aware of the Incident, we, together with our cybersecurity advisers, promptly launched an investigation to assess what happened.”

So far, the investigation has revealed that threat actors stole 1.2 million user records for 836,120 unique Dymocks accounts. Exposed data may vary from person to person, and may include:

• Full name, date of birth and gender
• Email address and postal address
• Membership details such as gold expiry date, account status, account creation date and card ranking

Dymocks said no financial information of customers was exposed during the incident.

“Importantly, as we never hold or store customer financial information this information would not be in the customer record,” the company explained.

According to BleepingComputer, the Dymocks database was put up for sale on a data breach forum on Sept. 3. However, security expert Troy Hunt foundthe data circulating on various Telegram channels as early as June.

While Dymocks has not found evidence of password compromise, the bookstore chain advises customers to immediately change passwords for their Booklovers account, as well as any other accounts where they might have used the same login credentials.

“Given the information may be on the dark web and this can be used by cyber criminals to commit fraud and other scams, we recommend you consider, as a precautionary step, changing your passwords for your online accounts including for your Booklovers account, social media and other online accounts (and otherwise ensure that you have sufficiently complex passwords),” Dymocks explained.

Additionally, the company recommends users watch out for phishing schemes via phone, email or post, install a security solution on their devices and immediately report any suspicious activity to the authorities.

Want to stay on top of data breaches and protect your digital identity?

Start monitoring the digital you and check what type of personal information has been exposed online or on the dark web with Bitdefender Digital Identity Protection.

Our identity protection tool offers 24/7 data breach monitoring and alerts, weekly reports, personalized recommendations, and informative newsletters following scans, including actionable advice about what you should do next to secure your online accounts and digital identity.