In the latest of a growing list of cyber incidents of Australian businesses, hardware store Total Tools is notifying customers by by email of a Cyber Incident.
The email from CEO Richard Murray confirms that the eCommerce website for Total Tools has experienced a cyber incident and as a result, personal information may have been compromised.
Customer details include First and last name, email, total tools password, mobile number, shipping address and the worst part, credit card details.
There’s no confirmation on exactly what is included as part of the credit card details, is this the last 4 digits of the card number and expiration date, or is it the full number, the expiry date and the CCV number. If those details were stored in the clear text, this will expose customers to misuse of their cards.
Murray goes on to detail the steps they are taking, including working with third-party forensic and cyber security experts to secure the website.
The company offers customer support via a phone number between 8am and 5PM during weekdays and an email address.
Finally the email concludes with an apology, but to those impacted that’ll not be particularly helpful if they face the risk of identity theft, or charges to credit cards (business or personal).
As we hear about a cyber incident like this, naturally people will wonder how this occurs. It’s likely a little too early to tell and hopefully the investigation will reveal how this occurred so others using the same platform can mitigate the risk.
If we look at the source code of the site, we can tell Total Tools uses Adobe Commerce for their online shop. Let’s be clear this is not confirmation there is anything vulnerable on Adobe’s side, simply a data point.
The email was shared by Troy Hunt, Creator of https://haveibeenpwned.com/
5
1
14
