Recent Cyber Incident
Overview:
Total Tools has experienced a cyber incident on its website that resulted in the compromise of some customers' personal information. The data that may have been compromised includes customer name, email address, Total Tools password, mobile number, shipping address, and certain credit card information belonging to customers who shopped or registered on our website recently.
What Happened?
We were made aware of an issue with our website, and upon further investigation, we identified evidence of suspicious activity occurring. Our team, along with third-party forensic and cyber security experts took expedited steps to investigate the incident and assist with our response.
What Are We Doing?
- We are confident that the issue which caused the incident has been removed from our website.
- We are continuing to monitor our network, and undertaking additional processes to maximise our security.
- We have informed the relevant authorities, including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
- We have set out below several precautions we recommend that impacted customers consider taking to lower the risk of their information being potentially misused.
Frequently Asked Questions (FAQs):
1. How do I know if I am affected by this incident?
If you recently shopped with us or received our notification email, your personal information may have been compromised.
2. Is it safe to shop online with Total Tools?
Yes. We are confident that the issue which caused the incident has been removed from our website. We are continuing to monitor our network closely. You can shop with confidence.
3. What should I do if I notice suspicious activity?
Immediately contact your bank or credit card provider to report the activity.
4. Will this affect the Total Tools Insider Rewards program?
No. The loyalty program operates on a separate system, and it is reasonable based on the extent of our forensic analysis to conclude that this has not been affected.
5. Has my financial information (e.g., credit card details) been exposed?
If you recently shopped with us, your credit card details may have been compromised. We recommend monitoring your financial accounts and report any unauthorised charges.
6. What should I do if I receive a suspicious email or message?
Do not click on, open, or open any links that look suspicious, or provide personal information. Verify the sender's identity and, if in doubt, contact our support team by calling us on (03) 9123 6068 between 8.00am and 6.00pm Monday to Friday, or in writing anytime by email at customersecurity@totaltools.com.au.
7. What measures is Total Tools taking to secure customer data going forward?
We are confident in the steps we have taken as a result of this cyber incident to protect your information and our website. We continue to monitor our network closely and are committed to maintaining security standards.
8. Who can I contact for more information or assistance?
Should you have any questions, our dedicated Cyber Incident Team is ready to help and can be reached on (03) 9123 6068 between 8.00am and 6.00pm Monday to Friday, or you can contact us in writing anytime by email at customersecurity@totaltools.com.au.
9. Has the cyber incident been contained?
We are confident that the issue which caused the incident has been removed from our website. We are continuing to monitor our network, undertaking additional hardening of various IT systems, and strengthening our processes to maximise our security.
10. If my data has been illegally compromised, how can I protect myself?
Our cyber experts have recommended some specific steps that can be taken to lower the risk of your information being potentially misused:
-
Change your Passwords:
- As part of our response, we are in the process of expiring all existing Total Tools passwords for impacted customers. We strongly encourage you to go to www.totaltools.com.au/customer/account/forgotpassword to update your password.
- Update passwords for any other sites using the same password.
- Use strong, unique passwords for each account.
-
Monitor Financial Accounts:
- Check your bank statements, review all card transactions and report any unauthorised changes.
- Set up transaction alerts with your financial institutions.
-
Watch for Scam Attempts:
- Total Tools will never contact you asking for your password or sensitive information.
- Remain alert to any suspicious emails and SMS or telephone communications that are disguised to look like they come from someone you know or trust.
- Verify communications by confirming the identity of the sender. This includes checking email names and domains, by hovering your mouse over the sender’s email address. Other options include calling the sender where you know their number independently from the communications you have received and can verify their identity.
- Do not respond to, open, or click on links that look suspicious. If you are unsure about a marketing / product link sent to you by a company, you should go to the company’s website and directly search for the product or service that was offered.
- Be alert to phishing scams. This could include scams that target you through post, phone or email. Phishing scams are attempts by scammers to trick people into providing their personal information, including passwords, credit card numbers and/or sensitive personal information, often by creating a sense of urgency. Get further information about how to avoid scams at at www.scamwatch.gov.au.
- Get further information about online safety, cyber security and helpful tips at htpps://www.cyber.gov.au
- Lock or Replace your Card
Consider locking or replacing your credit card to prevent any fraudulent transactions.
- Report Suspicious Activity
Report any suspicious activity on your accounts to your bank or credit card provider immediately.
- Enable Two-Factor Authentication (When Available)
Two-Factor Authentication (2FA) adds an extra layer of security to your online accounts by requiring a password and also a unique code sent via SMS or an authentication app. This additional step significantly reduces the risk of unauthorised access. Whenever possible, enable 2FA on all your online accounts.
For further assistance, our dedicated Cyber Incident Team is ready to help and can be reached on (03) 9123 6068 between 8.00am and 6.00pm Monday to Friday, or you can contact us in writing anytime by email at customersecurity@totaltools.com.au.
We are dedicated to supporting you and all impacted customers throughout this process, and ensuring that you can continue to shop instore and online at Total Tools with confidence.