Family Favorite Dymocks Warns Customers Of A DataBreach

Well-known books retailer and family favourite store -Dymocks customers were sent an email on Friday afternoon detailing that some of their information may have been leaked and asking them to be “vigilant”, change their passwords and monitor their bank accounts for “any unauthorised activity”.

On a Friday afternoon, nice try.

Same issue time and time again.

If we are seeing a message such as this being set out then you can guarantee it’s not ‘may’, it means it has occurred. When this event occurred is yet to be uncovered but most likely the hackers were in there for quite some time and had access to a lot. I’m sympathetic to all business and I started our company specifically for the sole purpose of helping companies meet their privacy compliance obligations, but seriously c’mon. When is it going to be enough for business to say – Okay time to do something about this NOW.

Dymocks said customers’ postal addresses, birthdates, email addresses, mobile numbers, gender and membership details might have been compromised.

“On 6 September 2023, Dymocks became aware that an unauthorised party may have access to (sic) some of our customer records,” the company said in a statement.

“As soon as we became aware of the Incident, we, together with our cybersecurity advisers, launched an investigation to assess what happened.

“While our investigation is ongoing and at the early stages, our cybersecurity experts have found evidence of discussions regarding our customer records being available on the dark web.”

So wait what? our ‘experts’ found evidence of discussions regarding our customer records on the dark web.

1st red flag

This reads as if Dymocks has found out about the breach by reading about the conversations on the dark web. Dymocks said it did not know which or how many customers had been impacted or how the breach occurred.

2nd red flag

Or how the breach occurred, which means my concerns on the red flag one are probably correct. Given that passwords might be on the dark web, Dymocks said customers should change the passwords for their online accounts — including their Dymocks accounts and social media accounts — and monitor their bank accounts.

3rd red flag

And monitor their bank accounts? – I mean c’mon people when will businesses realise they are responsible for protecting this stuff? The consumer (inc me) purposefully shops at businesses such as this to do their bit to look after small to medium businesses so honour that relationship and do your bit to look after our personal data.

“We will continue to undertake a thorough investigation of the incident in accordance with the applicable laws,” Dymocks said.

“We will continue to keep you informed because we take the security of your personal information seriously and we are committed to being open and transparent.”

Same old music going around the same old merry-go-round.

On a more positive note

Yes it is complicated, and yes it is scary, confusing and hard to deal with but simply burying this into an old risk register for later on is a destined failure. Come talk to us at DataBench as we have automated solutions specifically targeted for small to medium businesses to help prevent this exact activity. The solutions are out there, just step up and take it.

Don’t be the next public victim, act now and talk to us. It is the simplest thing you will do this week, or next.

We are an Australian business here for Australian businesses.  – (

More Blog Posts