What happened
In September 2024 the hardware and tools retailer Total Tools disclosed a breach affecting around 38,000 customers, exposing names, email addresses, login credentials and credit-card information [tt-cd], [tt-ct]. Total Tools notified the ACSC and OAIC.
Current status
Disclosed. The ~38,000 figure and the card-data detail come from the companyβs own statements [tt-cd], [tt-ct].
Why it matters
Login credentials and card data together give attackers both account takeover and payment fraud β a high-harm combination for retail customers.