Total Tools ~ Total Fools Data Breach

Just received this email this afternoon. Another Total Fools.

We are writing to you, as you recently shopped on the Total Tools eCommerce website, to advise that we have experienced a cyber incident. Based on our investigations to date, we believe that regrettably, some of your personal information has or may have been compromised. This may include your first and last name, email address that was registered with your Total Tools account, Total Tools password, mobile number, shipping address, and credit card details.

What has happened?
We were made aware of an issue with our website, and upon further investigation, we identified evidence of suspicious activity occurring on our website. Our team, along with third-party forensic and cyber security experts, took expedited steps to secure our website and assist with our response.

We have set out below several precautions we recommend you consider taking to lower the risk of your information being potentially misused. Please take a moment to review these suggested precautions.

Should you have any questions, our dedicated Customer Service Team is ready to help and can be reached on (03) 9123 6068 between 8.00am and 6.00pm Monday to Friday, or you can contact us in writing anytime by email at [email protected].

Please accept my sincere apology for the impact of this cyber incident. I fully appreciate the frustration and concern that this may cause you. We are dedicated to supporting you and all impacted customers throughout this process, and ensuring that you can continue to shop instore and online at Total Tools with confidence.

Sincerely,
Richard Murray
CEO
Total Tools


Comments

  • +21

    Please accept my sincere apology

    He's all torque.

    • +7

      Totally screwed.

      This may include your first and last name, email address that was registered with your Total Tools account, Total Tools password, mobile number, shipping address, and credit card details.

    • +4

      they're total tools

  • +9

    ensuring that you can continue to shop instore and online at Total Tools with confidence.

    lol, they were storing passwords and credit card numbers in a way that could be accessed externally. Unless they revamped their entire setup overnight, pretty sure there’s not much confidence to be had.

  • +2

    Thanks for the heads up. I changed the password and trashed the account. Unfortunately the email address cannot be changed on that crap site.

  • +1

    My experience:
    This company has always had the worst online experience (worst shopping site, account setup etc), incompetent stock levels, super suspect looking staff. I'm sure this security breach was inevitable. Glad I bought an extra long pole just before the breach so I can use it to not touch this sewer with it, going fwd.

    Good luck logging in to change PW etc. Locked out completely. More likely you can't get in. This company is a complete fuster cluck and has been from day one.
    Would not be shocked at all if this was an inside job.

    Opposite experience at Toolmart, by the way

    • Looks like they are using Magento, from what I know that's only a good choice if you have many, many thousands of products.

    • Even just a standard order (not online) terrible customer service. Saying they are delivering the whole order one day, then the next week delivering part of the order. Out and out lying “yes they are in the van on the way” next minute “sorry we had a staff member call in sick” etc.

      • -1

        Not to mention their click bait model. (Enticing item and pricing on special, getting all your data upfront only to discover 'no stock'.) Data gone

        • +1

          Negs show there's a TT fan or employee feeling offended. Suggest they read the supporting comments following a few of the TT specials on Ozb

  • +1

    I bet they have faceless / nameless offshore support in parts of the business model, pawing all over customer data.

    In any case it's time offshore support centres were binned in the name of security, sovereignty and local jobs. Big corporates can siphon off some of the top execs' millions if they want to stop the profit bleeding.

    If this cyber incident impacts you directly, remember TT is a part of Metcash group, so if you feel inclined to take your business elsewhere, check out their other brands. Eg IGA etc

  • Oof, unencrypted passwords and credit card details by the sound of it.
    That's as bad as it gets for the people involved.

  • +1

    I suspect that it was transactions made during the website attack. Some people have been emailed about data breach, some have not. The ones I have heard from bought some of the discounted items.

    Would explain how they get passwords which would almost always be encrypted.

    • That makes sense. Personal details may have only been acquired when people logged into the compromised website. I only found out because of this post.

    • @brian23309 - can you confirm.

      I haven't received an email and didn't try to purchase any heavily discounted products.

      • +1

        I haven’t received an email and DID try to purchase heavily discounted products…

      • +1

        Yes I received the email but I haven’t purchased anything from there for 6 months already.

        • oh well, scratch that hypothesis then

    • Have not bought anything from them for months, I still got an email.

      Ironically, in one act of monumental corporate negligence this "carny" type business has emphasised and justified why cash should be a viable option going fwd for consumers.

  • Pathetic, glad I've never shopped with them before. Really makes you wonder how many other companies out there that people shop online with have poor cybersecurity management practices.

    • +1

      The answer is ………………MOST.

      There's no regulatory goal posts with any punitive outcomes for breaches, aka govt DNGAF, in fact they structure the rules to favour the 'bent', as long as there's a few jobs or tax dribbling in. We have lazy govts, in there batting for the big boys. If there was a semblance of outcomes that hit the hip pocket of the scum owning/using/managing/profiting from our data (our custom), we would have the basis for prevention of and accountability for ALL data breaches.

      You only have to look at fuel, telecoms, internet, alcohol & tobacco, and now our personal data to show how lazy and corrupt the Aust govt/s are. Pretty sure most data in govt hands is actually in American corporate hands.

  • +2

    I emailed the company for more details and this was their reply:

    "… we identified that:
    Customers who transacted or registered for an account on the Total Tools website between 3 July and 29 August 2024 may have had certain personal information illegally compromised by malware.

    The malware sought to skim personal information, including credit / debit card numbers, expiry dates and CVV numbers, as that information was entered into the checkout page.

    Prior to this incident, as part of our preventative security measures, on 11 May 2024, we disabled our ‘one-click checkout’ feature and customers’ ability to store their credit or debit card information.

    Any remaining credit or debit card data stored in our systems is limited to the last four digits of the card number, and is also secured through tokenisation consistent with industry practice. Our investigations indicate that none of this stored credit or debit card data was accessed as part of this cyber incident."
