🔒breach.co.nz · the NZ & Australia breach register 🛡️ A Govern service
Register › 🇦🇺 AU › Retail
Retail sector · leaderboard
Own the Retail leaderboard
The top banner across the Retail overview and every Retail record — one advertiser, exclusively.
Own this leaderboard → breach@govern.co.nz

Vinomofo

🇦🇺 Australia · Vinomofo Pty Ltd · Record AU-2022-0919
● Confirmed
People affected
928,760 (approx)
Breach date
2022-09
Regulator
OAIC — Privacy Commissioner determination (breach of APP 11.1)
Trust tier
A · Confirmed

Data exposed

Names, gender, dates of birth, contact information and some financial information Confirmed

Confidence: Confirmed = regulator/court · Company-confirmed = the organisation's own disclosure · Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In September 2022 the online wine retailer Vinomofo suffered a breach exposing customer personal information [vino-db]. In 2025 the Privacy Commissioner determined Vinomofo had breached Australian Privacy Principle 11.1 by failing to protect the data, and put the number affected at about 928,760 [vino-oaic]. Vinomofo had publicly described roughly 500,000 customers as at risk in 2022 [vino-db].

Current status

Resolved by determination. The 928,760 figure is the regulator’s; the company’s earlier ~500,000 figure is noted for context [vino-oaic], [vino-db].

Why it matters

A regulator determination naming a specific failure and figure is exactly the kind of official record this register is built on — confirmed fact, not estimate.

GGOVERN Tabletop Exercises · Govern house Strengthen your cyber resilience — rehearse the decisions that matter. Book a Discovery Call →