MyDeal, which is majority owned by Woolworths, today “identified that a compromised user credential was used to gain unauthorised access to its Customer Relationship Management (CRM) system resulting in the exposure of some customer data”.

The company is in the process of contacting the estimated 2.2 million impacted people by email, Woolworths said in a statement.

The data that has been accessed includes customer names, email addresses, phone numbers, delivery addresses, and in some instances, the date of birth of the customer for anyone who has had to prove their age when buying alcohol.

For 1.2 million customers, only their email addresses were exposed, the company said.

“MyDeal does not store payment, drivers licence or passport details and no customer account passwords or payment details have been compromised in this breach,” Woolworths said.

It said the Mydeal.com.au website and app had not been impacted.

Read Related Also: Does Stanley Tucci Have Illness Now After Cancer? Health Update To know

There has also been “no compromise of any other Woolworths Group platforms or the Woolworths Group customer or Everyday Rewards records”.

“We apologise for the considerable concern that this will cause our affected customers,” MyDeal CEO Sean Senvirtne said.

“We have acted quickly to identify and mitigate unauthorised access and have increased the monitoring of networks.

“We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them.”

Woolworths Group chief security officer Pieter van der Merwe said the company’s “cyber security and privacy teams are fully engaged and working closely with MyDeal to support the response”.

Customers who are not contacted have not had their details accessed, Woolworths said.