Cyber Incident Victim: Idealwine
Date:
Oct 2022
Location:
France
Summary
An international fine wine online retailer experienced a data breach, prompting its e-shop to go offline while notifying potentially affected customers via email and a company blog. The breach compromised personal information including names, addresses, telephone numbers, and email addresses, though financial data remained unaffected as it was not stored on servers. Encrypted passwords were also reportedly uncompromised, but the firm urged customers to change credentials and remain vigilant against phishing attempts or suspicious communications. The company engaged cybersecurity experts and notified data privacy regulators in France and the UK, though it declined to confirm whether ransomware was involved or provide additional breach details.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The iDealwine data breach occurred during the weekend of October 15, 2022, impacting the international fine wine retailer's operations and customer data. The France-based company, with additional offices in Hong Kong and London, took its e-shop offline following the incident, replacing it with a brief explanatory message. Through email notifications and a blog post, iDealwine informed customers that attackers potentially accessed personal information including names, physical addresses, telephone numbers, and email addresses. The company confirmed financial data remained unaffected because credit card and bank details weren't stored on their servers. Encrypted passwords also reportedly avoided compromise, though iDealwine proactively advised customers to reset passwords as a precautionary measure.
In response to the breach, iDealwine engaged cybersecurity experts and notified data protection authorities in France and the United Kingdom. The company warned customers to remain vigilant against phishing attempts via email or phone, particularly from parties falsely claiming association with iDealwine or its partners. They provided specific guidance to avoid opening suspicious attachments or clicking unverified links while offering dedicated support through their mobilized team. As of October 19, the e-shop remained non-operational, and iDealwine declined to disclose further details about the attack's nature or scale when contacted by media. A related incident involving Australian wine merchant Vinomofo emerged concurrently, where attackers accessed similar customer data categories without obtaining financial credentials or passwords, though this stolen dataset reportedly appeared for sale online shortly after exposure.