๐Ÿ”’breach.co.nz ยท the NZ & Australia breach register ๐Ÿ›ก๏ธ A Govern service
Register โ€บ ๐Ÿ‡ฆ๐Ÿ‡บ AU โ€บ Retail

Dymocks

๐Ÿ‡ฆ๐Ÿ‡บ Sydney, NSW ยท Dymocks Booksellers ยท Record AU-2023-0255
โ—‹ Reported โ€” awaiting official confirmation
Reported โ€” awaiting official confirmation. The facts below are drawn from the organisation's own disclosure and credible reporting. Figures are as reported; unknowns are labelled, not estimated by us.
People affected
836,000 (approx)
Breach date
2023-06
Regulator
OAIC (notified)
Trust tier
B ยท Reported

Data exposed

Names, dates of birth, email and postal addresses, membership details Media-reported

Confidence: Confirmed = regulator/court ยท Company-confirmed = the organisation's own disclosure ยท Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In September 2023 Dymocks Booksellers disclosed a breach affecting around 836,000 customer records โ€” names, dates of birth, email and postal addresses and membership details โ€” after customer data appeared on the dark web [bleeping-dymocks]. The breach is understood to have originated with a third-party provider.

Timeline

  • 2023-06 โ€” Unauthorised access believed to have occurred [bleeping-dymocks].
  • 2023-09 โ€” Dymocks disclosed the breach; ~836,000 customers affected [bleeping-dymocks].

Current status

Disclosed; customers notified. A class-action investigation was reported. Figures are as reported. [bleeping-dymocks]

Why it matters

A large consumer-retail breach reached through a third party โ€” the loyalty database, not the storefront, was the target.

GGOVERN Tabletop Exercises ยท Govern house Strengthen your cyber resilience โ€” rehearse the decisions that matter. Book a Discovery Call โ†’