Dymocks confirms customer data published on the dark web

Sean Cao

6th Oct 2023

Bookstore chain Dymocks said it has concluded the investigation of customer data breach and worked to contain and resolve the problem.

Dymocks keeps a record of its customers’ information – including their name, email and/or phone number – after they sign up for its Booklover loyalty program.

The company said it was aware of the breach last month and has engaged independent cyber-security advisers and forensic experts to deal with the incident. It added the stolen information did not contain passwords, identification or any other highly sensitive information.

The investigation found that the breach occurred in relation to the system of the New Loyalty Provider, a third-party provider selected by Dymocks in June with an aim to enhance its Booklover program.

The New Loyalty Provider confirmed that it stored the customer records temporarily on a separate web server so it could import the contact information into its platform. However, the access keys for that server were stolen.

Dymocks has not identified the cybercriminal who stole the contact information but was sure the data found its way to the dark web.  

The company is now taking several steps to further strengthen its systems and prevent such incidents in the future. It has also provided a set of guidelines to help protect customers from potential fraud and scams by cybercriminals.