Data belonging to customers of The Good Guys have been compromised in a security breach involving the Australian retailer’s former third-party supplier, My Rewards.
Formerly known as Pegasus Group Australia, My Rewards also confirmed the breach in a statement Thursday, revealing that preliminary investigations pointed to an “unauthorised access” to its systems in August 2021, which led to the data compromise.
This meant that personally identifiable information, including names, email addresses, and phone numbers, likely had been made publicly available, the company said, noting that all its data were stored in Australia.
My Rewards added that its IT systems currently had not suffered any breach and would work with the relevant authorities. including the Australian Federal Police, regarding the breach.
In its own statement Thursday, The Good Guys said it was notified of the breach this month and that its own IT systems were not involved.
It previously worked with My Rewards to provide reward services for its Concierge members, some of whom would have set up My Rewards account that required a password. And while optional, customers’ dates of birth also might have been provided.
Compromised data did not include financial or identity document details, such as credit card, driver’s licence, or passport information.
The Good Guys said affected customers would be contacted about the breach. It added that My Rewards accounted linked to its Concierge benefits programme were closed and the former third-party vendor no longer held any personal data of its members.