πŸ”’breach.co.nz Β· the NZ & Australia breach register πŸ›‘οΈ A Govern service
Register β€Ί πŸ‡¦πŸ‡Ί AU β€Ί Retail

Sydney Tools

πŸ‡¦πŸ‡Ί Sydney, NSW Β· Sydney Tools Pty Ltd Β· Record AU-2025-0203
β—‹ Reported β€” awaiting official confirmation
Reported β€” awaiting official confirmation. The facts below are drawn from the organisation's own disclosure and credible reporting. Figures are as reported; unknowns are labelled, not estimated by us.
People affected
Not disclosed
Breach date
2025-03
Regulator
OAIC (notifiable)
Trust tier
B Β· Reported

Data exposed

~34 million customer and order records exposed via a misconfigured database Media-reported

Confidence: Confirmed = regulator/court Β· Company-confirmed = the organisation's own disclosure Β· Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In March 2025 researchers reported that hardware retailer Sydney Tools had left a database misconfigured and publicly accessible, exposing around 34 million customer and order records [cybernews-st]. This was an exposure through misconfiguration rather than a hack. The number of distinct individuals affected was not officially confirmed and is not estimated here.

Timeline

  • 2025-03 β€” Misconfigured database found publicly exposing ~34M records [cybernews-st].

Current status

Reported; access reportedly closed after disclosure. Figures reflect the researcher findings. [cybernews-st]

Why it matters

A textbook cloud-misconfiguration exposure β€” a reminder that breaches don’t always require an attacker, just a setting left open.