OAIC statement on MyDeal data breach

15 October 2022

The Office of the Australian Information Commissioner (OAIC) confirms it has been notified by the Woolworths Group and made aware of the MyDeal data breach. Information on the breach is available on the MyDeal website here.

The OAIC will engage with Woolworths to ensure compliance with the requirements of the Notifiable Data Breaches (NDB) scheme in accordance with our usual process.

The initial focus is on ensuring that MyDeal customers are notified and have information and resources available to take steps to protect themselves from any further risk to their personal information. Following a breach, individuals need to be alert to scams and any suspicious or unexpected activity on their personal accounts or devices. Check the Scamwatch website for information.

Under the NDB scheme, organisations covered by the Privacy Act 1988 must notify affected individuals and the OAIC as quickly as possible if they experience a data breach that is likely to result in serious harm to individuals whose personal information is involved.

The NDB scheme ensures individuals are informed and can take steps to protect themselves from any further risk.

Under the Privacy Act, organisations have obligations to protect against unauthorised access, unauthorised disclosure or loss of personal information. When a breach occurs, an organisation should contain the breach and take remedial action.

Further information on how organisations should respond to breaches is available on the OAIC website as well as advice for individuals.