Australia
Argentina 
Austria 
Brazil 
Canada 
Chile 
Czechia 
France 
Germany 
Greece 
Italy 
Mexico 
New Zealand 
Nigeria 
Norway 
Poland 
Portugal 
Sweden 
Switzerland 
United Kingdom 
United States Vinomofo suffers security breach
Online wine retailer Vinomofo has alerted a large number of contacts that there has been a data breach.
In the past few minutes, iTWire received an email from Vinomofo alerting to a recent breach (they don’t say when this occurred).
Of interest is that this writer has never purchased from the company and in fact our ONLY contact with the company was in May 2012 when we (rather churlishly) criticised the organisation for their choice of name (we remain churlish!).
Clearly this means that they have held information for over a decade in a location that the ‘bad dudes’ were able to access, but fortunately, as far as this writer is concerned, all that could be accessed was our name and email address (hardly a secret in anyone’s book!). This probably means that the 'bad dudes' have captured the company's entire contact database.
Below is the full email that we received. The reference to NOT collecting “passwords, identity documents or financial information” was an interesting poke in the eye of Optus. We have responded to the email address for a more detailed response.
 |
Hi David,
I am writing to provide you with some important information about a recent cyber security incident at Vinomofo.
Vinomofo experienced a cyber security incident where an unauthorised third party unlawfully accessed our database on a testing platform that is not linked to our live Vinomofo website.
We immediately engaged leading cyber security and forensic specialists (including IDCARE, Australia’s national identity and cyber support service) to investigate the claim and took steps to further secure our IT environment and strengthen our systems.
We also reported the matter to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC).
Our investigation established that customers’ and members’ information on our database on this testing platform was unlawfully accessed by a third party. However, our cyber security and forensic specialists have assessed that the risk to our customers and members by this information being accessed is low.
Vinomofo does not hold identity or financial data such as passports, drivers’ licences or credit cards/bank details.
While no passwords, identity documents or financial information were accessed, the database includes other information about customers and members.
The information about you that was contained in the database that may have been accessed may include name, gender, date of birth, address, email address and phone number.
Working with our IT experts, we have taken steps to further bolster the security of our technology systems to help prevent any similar incidents happening again.
We are contacting you directly so you can take simple, precautionary steps to protect your information and avoid any potential scams.
We advise that you remain alert to any increased scam activity – especially email, SMS or telephone phishing scams – with fraudulent communications disguised to look like they come from an organisation you trust.
We recommend that you:
Remember that good organisations do not contact you and ask you to “prove” who you are. If someone calls you unexpectedly claiming to be from an organisation, consider hanging up and calling them back on a known and trusted number.
Look out for contact from scammers who may have your personal information. This may include suspicious emails, texts, phone calls or messages on social media. Protect yourself from scams. Never click on any links that look suspicious and never provide your passwords, or any personal or financial information. It is good practice to have up-to-date anti-virus software installed on any device you use to access your emails. Scamwatch also provides helpful guidance on how to spot a scam.
Consider changing your email account passwords. Make sure you use strong passwords that you do not use for other accounts. Enabling multi-factor authentication is a good idea where possible.
While your Vinomofo account password is still safe to use, it’s a good idea to regularly change your password. You may wish to update your password as a precautionary measure.
You can find further information about online safety, cyber security and helpful tips to protect yourself at the Australian Cyber Security Centre or the ACCC’s Scamwatch website.
If you have any outstanding concerns, we have partnered with IDCARE to provide specialist case management support. IDCARE’s service are at no cost to you. Their expert case managers can be booked online at a time that suits you during business hours (9am to 6pm AEDT). If you wish to engage IDCARE, please complete a Get Help form for individuals at idcare.org or contact 1800 595 160, quoting reference VMF22.
We take the privacy and the protection of customer information very seriously and I apologise for any concern or inconvenience the incident has caused.
We have taken this matter very seriously and we understand you may want to know more. You can access more information on our website at: www.vinomofo.com/cyber-incident-faqs/
If you have any questions, please contact privacy@vinomofo.com.
Yours sincerely,
Paul Edginton
Vinomofo CEO
