Sydney Tools, a major Australian retailer comparable to Home Depot, suffered a significant data breach exposing the personal information of millions of customers and thousands of employees. A poorly secured ClickHouse database leaked sensitive data, highlighting critical security vulnerabilities.
Exposed Data: Employees and Customers Affected
The exposed database contained over 5,000 records of current and former Sydney Tools employees. This included names, surnames, branches of employment, salaries, and sales targets.
Sample of the leaked data. Image: Cybernews.
“This can aid cybercriminals in the surprisingly common crime of tool theft, as well as more standard cybercrimes such as identity theft, phishing, or spam campaigns,” researchers stated.
The discrepancy between the reported 1,000 employees and the 5,000 records in the database suggests past employees’ data was also compromised. This poses a significant risk, as malicious actors could use this information for spear-phishing attacks, targeting high earners in particular.
More alarmingly, the breach exposed over 34 million online order entries. This compromised data included customer names, email addresses, home addresses, phone numbers, and details of purchased items.
“The leaked data is sensitive as it included extensive personally identifiable information in large volumes, as well as sensitive information regarding which customers purchased expensive items, and the salaries of their employees,” researchers noted.
This sensitive data allows for highly targeted attacks, such as personalized phishing emails referencing specific purchases to trick victims into revealing further information.
The exposed database remains accessible, despite attempts to contact Sydney Tools. The company has yet to provide an official comment.