Hardware chain, Total Tools suffers a data breach

September 23, 2024 |

Total Tools announced that it suffered a data breach which involved the loss of personal information . Total Tools statement is long and comprehensive.  It is overlong but that is a small criticism compared to the usual vague brief minimalist commentary that many Australian companies prefer publishing.  It is still quite vague as to the cause of the breach, when it happened and for how long.  That information is often provided in statements provided by American companies because often that information comes out. It has been reported that the breach involved the personal information of 38,000.

A media release should be part of a comprehensive data breach notification program. It is better than many Australian statements.  It  provides:

Overview:

Total Tools has experienced a cyber incident on its website that resulted in the compromise of some customers’ personal information. The data that may have been compromised includes customer name, email address, Total Tools password, mobile number, shipping address, and certain credit card information belonging to customers who shopped or registered on our website recently.

What Happened?

We were made aware of an issue with our website, and upon further investigation, we identified evidence of suspicious activity occurring. Our team, along with third-party forensic and cyber security experts took expedited steps to investigate the incident and assist with our response.

What Are We Doing?

    • We are confident that the issue which caused the incident has been removed from our website.
    • We are continuing to monitor our network, and undertaking additional processes to maximise our security.
    • We have informed the relevant authorities, including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
    • We have set out below several precautions we recommend that impacted customers consider taking to lower the risk of their information being potentially misused.

Frequently Asked Questions (FAQs):

1. How do I know if I am affected by this incident?

If you recently shopped with us or received our notification email, your personal information may have been compromised.

2. Is it safe to shop online with Total Tools?

Yes. We are confident that the issue which caused the incident has been removed from our website. We are continuing to monitor our network closely. You can shop with confidence.

3. What should I do if I notice suspicious activity?

Immediately contact your bank or credit card provider to report the activity.

4. Will this affect the Total Tools Insider Rewards program?

No. The loyalty program operates on a separate system, and it is reasonable based on the extent of our forensic analysis to conclude that this has not been affected.

5. Has my financial information (e.g., credit card details) been exposed?

If you recently shopped with us, your credit card details may have been compromised. We recommend monitoring your financial accounts and report any unauthorised charges.

6. What should I do if I receive a suspicious email or message?

Do not click on, open, or open any links that look suspicious, or provide personal information. Verify the sender’s identity and, if in doubt, contact our support team by calling us on (03) 9123 6068 between 8.00am and 6.00pm Monday to Friday, or in writing anytime by email at customersecurity@totaltools.com.au.

7. What measures is Total Tools taking to secure customer data going forward?

We are confident in the steps we have taken as a result of this cyber incident to protect your information and our website. We continue to monitor our network closely and are committed to maintaining security standards.

8. Who can I contact for more information or assistance?

Should you have any questions, our dedicated Cyber Incident Team is ready to help and can be reached on (03) 9123 6068 between 8.00am and 6.00pm Monday to Friday, or you can contact us in writing anytime by email at customersecurity@totaltools.com.au.

9. Has the cyber incident been contained?

We are confident that the issue which caused the incident has been removed from our website. We are continuing to monitor our network, undertaking additional hardening of various IT systems, and strengthening our processes to maximise our security.

10. If my data has been illegally compromised, how can I protect myself?

Our cyber experts have recommended some specific steps that can be taken to lower the risk of your information being potentially misused:

      • Change your Passwords:
        • As part of our response, we are in the process of expiring all existing Total Tools passwords for impacted customers. We strongly encourage you to go to www.totaltools.com.au/customer/account/forgotpassword to update your password.
        • Update passwords for any other sites using the same password.
        • Use strong, unique passwords for each account.
      • Monitor Financial Accounts:
        • Check your bank statements, review all card transactions and report any unauthorised changes.
        • Set up transaction alerts with your financial institutions.
      • Watch for Scam Attempts:
        • Total Tools will never contact you asking for your password or sensitive information.
        • Remain alert to any suspicious emails and SMS or telephone communications that are disguised to look like they come from someone you know or trust.
        • Verify communications by confirming the identity of the sender. This includes checking email names and domains, by hovering your mouse over the sender’s email address. Other options include calling the sender where you know their number independently from the communications you have received and can verify their identity.
        • Do not respond to, open, or click on links that look suspicious. If you are unsure about a marketing / product link sent to you by a company, you should go to the company’s website and directly search for the product or service that was offered.
        • Be alert to phishing scams. This could include scams that target you through post, phone or email. Phishing scams are attempts by scammers to trick people into providing their personal information, including passwords, credit card numbers and/or sensitive personal information, often by creating a sense of urgency. Get further information about how to avoid scams at at www.scamwatch.gov.au.
        • Get further information about online safety, cyber security and helpful tips at htpps://www.cyber.gov.au
      • Lock or Replace your Card

Consider locking or replacing your credit card to prevent any fraudulent transactions.

      • Report Suspicious Activity

Report any suspicious activity on your accounts to your bank or credit card provider immediately.

      • Enable Two-Factor Authentication (When Available)

Two-Factor Authentication (2FA) adds an extra layer of security to your online accounts by requiring a password and also a unique code sent via SMS or an authentication app. This additional step significantly reduces the risk of unauthorised access. Whenever possible, enable 2FA on all your online accounts.

The Australian reports this in Tradies at risk as Total Tools hit with a data leak. It provides:

Hardware chain Total Tools has suffered a major data leak that is believed to have impacted 38,000 customers covering credit card numbers, email addresses and log-in details, in an act likely committed by professional cyber hackers.

Total Tools, owned by Metcash, has been working on the data leak for a number of days after it first discovered unusual and suspicious activity within its IT systems, The Australian can reveal, and is still investigating the true size and scope of the data leak.

After an initial investigation by a third party forensic cyber specialist, Total Tools is understood to have estimated that customer data linked to 38,000 of its shoppers has been illegally compromised.

The compromised information includes names, email addresses, credit card data and log-in details.

Total Tools chief executive Richard Murray said the company believed the cause of the data leak had been fixed, and it was writing to customers specifically impacted by the incident.

“The cyber incident has illegally compromised certain personal information, however Total Tools is confident that the cause of this incident has been removed from its website,” Mr Murray said on Thursday.

The data that has been illegally compromised includes customer name, email address, Total Tools password, mobile number, shipping address, and credit card details of customers who shopped or registered on our website recently.”

Mr Murray said as soon as the company identified the potential impact of the cyber incident, its team, along with a forensic and cyber security expert, took immediate steps to secure its website and assist with the response.

“We continue to work with this expert on this matter,” he said.

“Total Tools’ communications to impacted customers recommended precautions they can take to lower the risk of their information being potentially misused.

“In addition to contacting impacted customers, Total Tools has also implemented several additional cyber security measures to minimise the likelihood of this occurring again.”

Mr Murray, the former chief executive of JB Hi-Fi and boss of billionaire Solomon Lew’s Premier Investments’ retail arm, said Total Tools would keep customers updated.

“We are dedicated to supporting all impacted customers throughout this process and ensuring they can continue to shop instore and online at Total Tools with confidence.”

Earlier on Thursday, Total Tools’s website was momentarily shut down due to a technical error over the updating of prices, but this had nothing to do with the data leak.

Mr Murray said Total Tools alerted the Australian Cyber Security Centre and Office of the Australian Information Commissioner to the cyber incident.

Total Tools is the latest Australian business to have sensitive data taken in a cyber breach.

In late 2022 publicly-listed health insurer Medibank’s market value collapsed by $1.7bn as hackers linked to an online Russian criminal forum threatened to expose the health records and other sensitive information of millions of Australians.

Eventually the cyber attack, which compromised the records of 10 million customers, cost Medibank more than $30m and regulator APRA forced the insurer to set aside a capital adequacy requirement of $250m after “weaknesses” were identified in its IT infrastructure.

Telco Optus was another high-profile victim of data leaks and was later hit with legal action from the Australian Communications and Media Authority, which argued the carrier breached the Telecommunications (Interception and Access) Act 1979. It was later reported in The Australian that data breach cost Optus as much as $140m.

This year about half of Australia’s population was impacted by a cyberattack on MediSecure, a healthcare information service that provides electronic prescriptions and a prescription monitoring service.

Other Australian corporations that suffered data leaks and cyber attacks in recent years included tech company Canva, financial services company Latitude and a number of universities and health services.

It has also been reported in 9News, cyberdaily.au and Daily Security Daily.

Leave a Reply





Verified by MonsterInsights