
Incident: The Iconic promises refunds after a spate of fraudulent transactions on customer accounts | ABC News Australia


Australian Retail Breach, 09 January 2024

Australian retailer The Iconic promises refunds after a spate of fraudulent transactions on customer accounts

The Iconic was not directly hacked; the unauthorised third party used a technique known as ‘credential stuffing’.

Company Statement: SUSPECTED UNAUTHORISED ACCESS
Source: The Iconic promises refunds after a spate of fraudulent transactions on customer accounts | ABC News Australia


Update 11 Jan 2024: Customers of The Iconic at risk of being defrauded due to lack of payment verification measures | ABC News Australia
The online retailer also confirmed that a transaction “may be made” as it does not require a customer to verify their CVC numbers.

 


Online retailer The Iconic has vowed to refund customers who have been left out of pocket by thousands of dollars after their accounts were compromised and fraudulent orders were made without their permission.

Many affected customers have struggled to contact The Iconic and get a timely response. The Iconic confirmed affected customers would be compensated.

The Iconic’s response says it has not been the victim of a cyber attack, but rather of a credential stuffing attack, in which hackers use leaked email and password combinations from other sites. The company vows to refund affected customers.

Credential stuffing attacks are possible because many users reuse the same username/password combination across multiple sites. In this type of cyberattack, the attacker collects stolen account credentials, typically lists of usernames or email addresses with the corresponding passwords (often from a data breach), and then uses those credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application.
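The pattern described above leaves a recognisable trace in authentication logs: one source trying many different accounts a few times each, mostly failing. The following detection sketch is an added example, not code from The Iconic or the original article; the log format, the function names and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: "timestamp source_ip username outcome".
SAMPLE_LOG = "\n".join(
    # One source walking a credential list: 7 accounts, one hit (user5).
    [f"2024-01-09T10:00:{i:02d} 203.0.113.7 user{i}@example.com "
     f"{'OK' if i == 5 else 'FAIL'}" for i in range(7)]
    # Password guessing against a single account: a different pattern.
    + [f"2024-01-09T10:01:{i:02d} 198.51.100.9 bob@example.com FAIL" for i in range(6)]
    # Shared office egress address: many accounts, all successful.
    + [f"2024-01-09T10:02:{i:02d} 192.0.2.50 staff{i}@example.com OK" for i in range(5)]
)

def parse(log):
    """Yield (timestamp, ip, username, succeeded) per log line."""
    for line in log.strip().splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user.lower(), outcome == "OK"

def find_stuffing(log, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Return {ip: accounts it logged in to} for sources that, inside any
    sliding window, hit many distinct accounts with mostly failed logins."""
    by_ip = defaultdict(list)
    for event in sorted(parse(log)):
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            recent = events[start:end + 1]
            users = {u for _, _, u, _ in recent}
            fails = sum(1 for _, _, _, ok in recent if not ok)
            if len(users) >= min_users and fails / len(recent) >= min_fail_ratio:
                # Any success from this source is a likely account takeover.
                flagged[ip] = sorted({u for _, _, u, ok in events if ok})
                break
    return flagged

if __name__ == "__main__":
    print(find_stuffing(SAMPLE_LOG))
```

The accounts returned for a flagged source are the ones to prioritise for forced password resets and review of recent orders.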

As part of this investigation, we are working closely with expert cyber security partners to assess the impact of the incident. We have notified law enforcement authorities including the Police and the Australian Cyber Security Centre, as well as the Office of Australian Information Commission (OAIC). This investigation remains ongoing.

The Iconic Breach Statement

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.


Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.
