Woolworths says data of online unit's 2.2 mln users breached

People walk past a Woolworths supermarket in Sydney
People walk past a Woolworths supermarket following the easing of restrictions implemented to curb the spread of the coronavirus disease (COVID-19) in Sydney, Australia, June 16, 2020. Picture taken June 16, 2020. REUTERS/Loren Elliott

Oct 14 (Reuters) - Australia's Woolworths Group Ltd (WOW.AX) said on Friday its majority-owned online retailer MyDeal identified that a "compromised user credential" was used to access its systems that exposed data of nearly 2.2 million users.

The news comes just weeks after Australia's second-largest mobile phone operator Optus suffered a breach that compromised data of up to 10 million customers - one of the biggest such incidents - triggering an overhaul of the country's consumer privacy rules.

The latest cyber attack follows two other instances since Optus - a "small breach" at Australia's largest telecommunications firm Telstra Corp Ltd (TLS.AX) and health insurer Medibank Private(MPL.AX) detecting unusual activity on its network.

MyDeal's exposed customer data includes names, email addresses, phone numbers, delivery addresses, and in some instances date of birth of the customers, the Sydney-based retailer said.

It further clarified that MyDeal's website and application were not impacted, and none of the other platforms of Woolworths group were compromised.

MyDeal, owned 80% by the top grocer, said it was contacting the affected customers and working with authorities to investigate the incident.

Reporting by Sameer Manekar in Bengaluru; Editing by Savio D'Souza and Dhanya Ann Thoppil

Our Standards: The Thomson Reuters Trust Principles.