Cyber Incident Victim: Vinomofo
Date: Oct 2022
Location: Australia
Summary
An Australian wine retailer experienced unauthorized access to a customer database on a testing platform, potentially exposing personal information including names, genders, dates of birth, addresses, email addresses, and phone numbers. The company asserted that financial data and identification documents were not stored, minimizing direct risks, but acknowledged heightened phishing threats due to the compromised details. Reports indicated approximately 500,000 customers might have been affected by the breach, which occurred amid a series of high-profile Australian cyber incidents. The attackers reportedly attempted to sell the stolen data online, releasing a sample to validate their claims.
Description
In October 2022, Australian wine retailer Vinomofo disclosed a cybersecurity incident involving unauthorized access to customer data. The breach occurred when an attacker infiltrated a database hosted on a testing platform used by the company. According to a customer notification letter published by security researcher Troy Hunt on October 18, 2022, the compromised database contained personal information including names, genders, dates of birth, addresses, email addresses, and phone numbers. Vinomofo emphasized that more sensitive details such as passport numbers, driver's licenses, and financial information were not stored in the affected system. The company estimated that approximately 500,000 customers could have been impacted by the exposure, though precise confirmation of affected individuals remained unclear. Vinomofo characterized the risk to customers as low but acknowledged the potential for phishing attacks leveraging the stolen data. No technical details regarding the attack vector, intrusion detection timeline, or containment measures were disclosed in available sources.

The Vinomofo breach occurred amid a series of high-profile Australian data exposures that month. MyDeal, a subsidiary of Woolworths Group, had recently announced a separate compromise affecting 2.2 million customers through its CRM systems, while telecommunications provider Optus disclosed a September breach impacting over two million individuals. Evidence cited by Hunt indicated that actors claiming responsibility for the Vinomofo breach attempted to monetize the stolen data by offering it for sale on cybercriminal forums, releasing a limited sample to establish credibility. The exposure of personally identifiable information created a well-founded risk of targeted phishing campaigns against affected customers, though no direct evidence of such exploitation was documented in initial reports. The incident highlighted systemic cybersecurity challenges affecting multiple Australian consumer-facing organizations during this period.
