Woolworths MyDeal is the latest major service to be targeted in a cyber attack.

MyDeal.com.au, a subsidiary of the Woolworths Group, reports that data was exposed when its customer relationship management system was accessed by a “compromised user credential”.

Approximately 2.2 million customers were affected, and Woolworths Group says all affected MyDeal customers have been contacted by email. 

The leaked information includes names, dates of birth, phone numbers and addresses, but no payment, drivers licence or passport details.

Woolworths also says 1.2 million of the customers involved in the breach had only had their email addresses exposed, and that customers of its Everyday Rewards scheme did not have their data compromised. 

The Office of the Australian Information Commissioner (OAIC) says the Woolworths Group notified it of the MyDeal data breach. 

“The OAIC will engage with Woolworths to ensure compliance with the requirements of the Notifiable Data Breaches (NDB) scheme in accordance with our usual process,” it said in a statement.