
A database breach at Australian retailer Sydney Tools has exposed more than 34 million online order records and employee data. The exposed data includes addresses, salary amounts and details of products ordered.
The company left its ClickHouse database open, allowing anyone to view sensitive information without needing to log in. The stolen data included names, addresses, phone numbers, emails, details of tools purchased, and personal details of around 5,000 employees, including salaries and sales plans. Most worryingly, the database remains accessible despite repeated attempts by cybersecurity researchers to contact the company. They also contacted the Australian Signals Directorate after the information was released, but have yet to receive a response.
Sydney Tools is one of the largest professional tool retailers in Australia, similar to Home Depot in the United States. Although the company officially reports 1,000 employees, the database contained information on a much larger number of people, indicating that the data of former employees may have been leaked. According to researchers, this volume of information opens up a wide range of opportunities for targeted attacks, especially phishing, fraud and social engineering aimed at high-value customers and employees with high salaries.
The Sydney Tools incident demonstrates the disastrous consequences of a negligent attitude to cybersecurity in the retail industry. The data leak not only puts thousands of customers and employees at risk, but also creates opportunities for physical theft and fraud. The company urgently needs not only to close the vulnerable database, but also to publicly report the incident, provide instructions to its customers and conduct a comprehensive audit of its cyber infrastructure.