
Cyber Incident Victim: Dymocks Booksellers

Date: Sep 2023

Location: Australia

Summary

Dymocks Booksellers experienced a potential data breach involving unauthorized access to customer records, with discussions on the dark web suggesting the data was available there. The retailer confirmed that compromised information may include dates of birth, postal and email addresses, mobile numbers, genders, and membership card details such as account numbers and expiry dates; financial data was unaffected because the company does not store it. An investigation remains ongoing to determine the scope and the individuals impacted, with cybersecurity experts assisting. Customers were advised to monitor accounts for suspicious activity and update passwords as a precautionary measure.


Description

Dymocks Booksellers, an Australian nationwide bookstore chain, initiated an investigation into a potential cybersecurity incident after detecting indications that customer records might have been compromised. The company first became aware on September 6, 2023, that its systems may have been breached, prompting immediate engagement with cybersecurity experts to assess the situation. Preliminary findings revealed discussions on dark web forums suggesting the availability of Dymocks customer data, though the exact scope and method of exfiltration remained under investigation at the time of reporting. Managing Director Mark Newman notified customers via email that potentially exposed information included dates of birth, postal addresses, email addresses, mobile phone numbers, genders, and membership card details such as account numbers and expiry dates. The company confirmed financial data was not impacted due to its policy of not storing such customer information.

Dymocks advised customers to monitor bank accounts for unauthorized transactions, particularly those related to Booklovers accounts, and to change passwords for their Dymocks accounts and other online services as a precautionary measure. Newman emphasized the investigation was in its early stages and could not yet determine which specific customers were affected or confirm the full extent of the breach. The retailer committed to providing updates as the forensic examination progressed, with cybersecurity advisers assisting in determining the breach's origin and impact. No ransomware claims or attacker identities were disclosed in the initial notification. Customers were urged to remain vigilant while Dymocks worked to establish the timeline of events and secure its systems. The company maintained operational continuity during the investigation but faced reputational risks from potential exposure of sensitive personal data.
