Home Services Class Actions Dymocks Data Breach Investigation

Dymocks Data Breach Investigation

Gordon Legal has commenced an investigation into the Dymocks data breach.

We understand that some 1.24 million customer records were stolen and published on the dark web in the data breach.

It would appear that the stolen records included customer names, gender information, addresses, email addresses, and dates of birth.

Dymocks says it became aware of the data breach on 6 September 2023.

As a result of our investigation, we have lodged a representative complaint with the Office of the Australian Information Commissioner (OAIC) on 25 September 2023 on behalf of our client and other persons impacted by the data breach.

On 28 May 2024, the OAIC informed us that Gordon Legal’s representative complaint has been accepted as being a valid complaint. This is the first step in the OIAC representative proceeding process.

Timeline

6 September 2023

Dymocks says that, on this date, it became aware of a data breach incident in which customer records were stolen and published on the dark web.

8 September 2024

Dymocks wrote to affected customers to inform them of the data breach identified two days prior and told them to change their passwords. This statement confirms that the stolen information includes dates of birth, postal addresses, email addresses, mobile numbers, gender information, and Dymocks membership details.

15 September 2023

Dymocks updated customers on the status of its investigations and told them that 1.24 million customer records were stolen. Dymocks informed customers that the breach appears to have occurred in the systems of an external data partner and that its investigation was on-going.

25 September 2023

Gordon Legal filed a representative complaint with the OAIC.

28 May 2024

The OAIC informed Gordon Legal that the representative complaint has been accepted.