Vinomofo has been hit by a cyber security incident in which customer details may have been accessed.
The company says an unauthorised third party unlawfully accessed its database on a testing platform that is not linked to its live Vinomofo website.
“We immediately engaged leading cyber security and forensic specialists (including IDCARE, Australia’s national identity and cyber support service) to investigate the claim and took steps to further secure our IT environment and strengthen our systems,” Vinomofo says in a letter to customers.
“We also reported the matter to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC).
“Our investigation established that customers’ and members’ information on our database on this testing platform was unlawfully accessed by a third party.
“However, our cyber security and forensic specialists have assessed that the risk to our customers and members by this information being accessed is low.
“Vinomofo does not hold identity or financial data such as passports, drivers’ licences or credit cards/bank details.
“While no passwords, identity documents or financial information were accessed, the database includes other information about customers and members.
“The information about you that was contained in the database that may have been accessed may include name, gender, date of birth, address, email address and phone number.”
Vinomofo says that, working with its IT experts, it has taken steps to further bolster the security of its technology systems to help prevent any similar incidents happening again.
“We are contacting you directly so you can take simple, precautionary steps to protect your information and avoid any potential scams,” Vinomofo says.
“We advise that you remain alert to any increased scam activity – especially email, SMS or telephone phishing scams – with fraudulent communications disguised to look like they come from an organisation you trust.”
Vinomofo customers with concerns can visit www.vinomofo.com/cyber-incident-faqs/