Cyber Incident FAQs
1. What happened?
Vinomofo experienced a cyber security incident where an unauthorised third party unlawfully accessed one of our databases.
We immediately engaged leading cyber security and forensic specialists to investigate the claim and took steps to further secure our IT environment and strengthen our systems.
We also reported the incident to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC).
2. When did the incident happen?
Vinomofo was alerted to a suspected cyber security incident in late 2022. As soon as this happened, we immediately commenced an investigation to ascertain whether a cyber security incident had actually occurred, appointing leading cyber security and forensic specialists.
3. How did the incident happen?
A third party unlawfully accessed one of Vinomofo’s databases that was not linked to our live Vinomofo website. As soon as we were alerted to the suspected cyber security incident, we took immediate steps to further secure our IT environment and bolster our technology systems to help prevent any similar incidents happening again.
4. What information was accessed?
While the investigation found no passwords or financial information were accessed, the database includes other information about customers and members.
The information contained in the database that was accessed may include name, gender, date of birth, address, email address and phone number.
5. When did Vinomofo notify customers?
Once alerted to the suspected cyber security incident, Vinomofo immediately engaged leading cyber security and forensic specialists to investigate the incident.
When the investigation established unlawful access to one of Vinomofo’s databases had occurred, we began notifying all customers and members about the precautionary steps that they could take to protect their information and privacy.
6. Has the investigation been completed?
Yes, Vinomofo’s investigation has been completed.
7. Has my information been published online?
Our investigation established that an external third party posted a sample of the illegally accessed Vinomofo information externally. However, our cyber security and forensic specialists have assessed that the risk to our customers from this information being accessed is low.
Our ongoing monitoring has indicated no other information to have been published by the external third party at this time, beyond this initial sample of information.
Vinomofo does not hold identity or financial data such as passports, drivers’ licences or credit cards/bank details. Further, the investigation established no passwords, identity documents or financial information were accessed.
We understand the importance that people place upon their personal information, so please see the question ‘What should I do to protect myself?’ for more information about online safety, cyber security and helpful tips. If you have any further questions, please contact firstname.lastname@example.org.
8. Why did Vinomofo have my details in the first place?
9. Can I request that Vinomofo delete my information from its database?
Yes. Our customers have always been able to request this. Any customer can request that we delete the personal information we hold about them at any time, and we will take reasonable steps to delete their personal information from our current records. If you would like your information removed, please contact email@example.com Your request will be responded to within a reasonable time (generally 30 days), in accordance with Australian privacy law.
10. What should I do to protect myself?
We advise that you remain alert to any increased scam activity – especially email, SMS or telephone phishing scams – with fraudulent communications disguised to look like they come from an organisation you trust.
We recommend that you:
- Remember that good organisations do not contact you and ask you to “prove” who you are. If someone calls you unexpectedly claiming to be from an organisation, consider hanging up and calling them back on a known and trusted number.
- Look out for contact from scammers who may have your personal information. This may include suspicious emails, texts, phone calls or messages on social media. Protect yourself from scams.
- Never click on any links that look suspicious and never provide your passwords, or any personal or financial information. It is good practice to have up-to-date anti-virus software installed on any device you use to access your emails. Scamwatch also provides helpful guidance on how to spot a scam.
- Consider changing your email account passwords. Make sure you use strong passwords that you do not use for other accounts. Enabling multi-factor authentication is a good idea where possible.
While your Vinomofo account password is still safe to use, it’s a good idea to regularly change your password. You may wish to update your password as a precautionary measure.
11. Where can I find more information?
If you have any questions, please contact firstname.lastname@example.org.