Popular international fine wine online retailer iDealwine has suffered a data breach during the past weekend, and has yet to reveal the number of customers affected.
Its e-shop is still offline, showing a brief explanatory message, and the firm has informed all potentially affected customers about the cyberattack via email (also via the company blog).
iDealwine data breach: What happened?
iDealwine is an e-merchant based in France, with offices in Hong Kong and London. It specializes in online auctions and fixed-price sales of fine wine, and provides information about news and trends in the wine industry.
The company revealed it has contacted experts to deal with the issue, as well as the data privacy regulators in France and UK.
It has informed its customers that their name, address, telephone number and email address may have been compromised. Customers’ credit card/bank information has not been compromised, since it’s not stored on company servers.
According to the notification, customers’ passwords, which are encrypted, have also not been compromised, although the company still urges clients to change them and beware of unexpected emails and unsolicited phone calls – “especially if they claim to come from iDealwine or its partners”.
“Do not open emails or attachments if you have any doubts about their source, and do not click on any links you are unsure of. Please contact us if you have any doubts or questions, our team is fully mobilised to assist you,“ the company added.
iDealwine has not disclosed if they are dealing with a ransomware attack. We have contacted the company and asked for more information about the breach, but haven’t heard back yet.
UPDATE (October 20, 2022, 07:55 a.m. ET):
iDealwine has declined to offer a comment or information about the data breach.
In related news, there has been an earlier data breach at another wine e-merchant: Australian-based Vinomofo has suffered a security breach that resulted in names, dates of birth, addresses and contact details of its customers being accessed by the attackers.
The company has not disclosed the number of affected customers, but believes the risk for the clients is low since the attackers did not have access to data such as passports, credit card details, driver’s licenses, or passwords.
The stolen data is purportedly already being sold online.