Motorcycle Accessories Supermarket
MONTHLY CATALOGUE OUT NOW! SEE THE OFFERS HERE. Phone Auburn Store No: 02 9648 1400

FAQ of potential data breach

What has happened? 

The breach was discovered on 21 May 2018 when Motorcycle Accessories Supermarket’s (MCAS) IT Department found that an unknown unauthorised external party had intermittently remotely accessed a computer located at a MCAS store.

MCAS acted as soon as it became aware of the breach, initiating an extensive investigation.  This included a forensic examination of the computer in question (including hardware and software) and a thorough investigation of all computers within its network.

The investigation found that the incident was likely isolated to the computer, and there was no indication that any other MCAS computer had been accessed without authorisation. The investigation could not definitively conclude that the personal customer and supplier information stored on the computer in question had been accessed. These details were limited to basic personal information including names, addresses, phone numbers and email addresses, and did not include any financial data.

This unauthorised access did not originate from, or target the mcas.com.au website and customers should feel comfortable in continuing to purchase goods on the website in full confidence that it is secure.  

How could I be affected?

As a result of the unauthorised access, there is a possibility that the contact details of customers and suppliers stored on the computer may have been accessed, though the investigation proved inconclusive. The personal information that might have been accessed – names, addresses, phone numbers and email addresses – is not considered ‘high risk’.

Critically, it did not include any financial data, credit card numbers, dates of birth or passwords. All credit card payments for online purchases from MCAS are processed via an external secure payment gateway. MCAS never holds, or has access to, credit card numbers or information.

MCAS recommends you remain vigilant of potential security risks. Although unlikely, it may be possible for this information to be used maliciously. 

Anyone affected by this potential breach should remain vigilant to potential phishing scams (emails fraudulently seeking personal information), telephone scams (calls fraudulently seeking personal information) and identity theft (the use of personal information to create a fake identity to apply for services).  These recommendations are in line with safety and cyber security measures recommended in everyday online engagement.

When did you notify customers?

Customers and suppliers who may have been affected by this breach were notified within a few days of MCAS having completed its investigation and alerted the Office of the Australian Information Commissioner.  

Do we know who is responsible for the attack? 

Those responsible were not identified in the forensic investigation. The police and the Office of the Australian Information Commissioner have been notified and are aware of the incident.

Is there anything I should do?

Despite the modest risk that personal information was accessed, we recommend you remain alert to the common ways in which information could be used maliciously.

Anyone affected by this potential breach should be vigilant to potential phishing scams (emails fraudulently seeking personal information), telephone scams (calls fraudulently seeking personal information) and identity theft (the use of personal information to create a fake identity to apply for services). These recommendations are in line with safety and cyber security measures recommended in everyday online engagement.

Where can I go for more information?

More information and helpful tips on how you can protect yourself from these and other sorts of scams can be found on the Australian Competition and Consumer Commission website at www.scamwatch.gov.au.

Information is also available on the website of ACORN (Australian Cybercrime Online Reporting Network) in relation to:

How can you make sure this doesn’t happen again?

We have taken a number of steps to safeguard against any similar incidents occurring in the future. We have conducted an investigation into how the breach occurred, we have audited our security measures and IT policies and implemented additional measures, we have consulted with data security experts and we have alerted government agencies including the police and the Office of the Australian Information Commissioner.

We will continue to take all necessary measures to safeguard against any similar incidents occurring in the future. 

MCAS VIP