A team of researchers have uncovered an unsecured Clickhouse database linked to Australian retailer Sydney Tools, exposing a vast trove of sensitive information, including over 34 million online orders and 5,000 current and former employee records.
Sensitive Customer & Employee Data Left Unprotected
The compromised database contains full names, email addresses, phone numbers, home addresses, and order details of customers. Alarmingly, it also includes employee salaries, sales targets, and branch locations, making it a goldmine for cybercriminals.
Despite repeated attempts to alert Sydney Tools, the database remains publicly accessible, raising concerns about potential misuse. Although it remains unclear whether threat actors have already accessed the data, experts warn that such exposure could fuel identity theft, phishing attacks, and even physical theft—especially targeting customers who purchased high-value tools.
Now Open: Pan-India Registration for Fraud Investigators!
A Growing Trend of Retail Cyber Incidents
This breach echoes a similar case involving US home improvement giant Home Depot last year. In April, a database containing the personal details of over 10,000 employees was leaked on the dark web by notorious hacker IntelBroker. The data dump, posted on BreachForums, included names, email addresses, and user IDs, allegedly obtained due to a phishing attack on a third-party SaaS vendor.
While Home Depot confirmed that no financial details were compromised, cybersecurity experts warned that attackers could leverage the leaked information for further breaches, fraud, and network infiltration.
Empanelment for Speakers, Trainers, and Cyber Security Experts Opens at Future Crime Research Foundation
The Urgent Need for Stronger Data Security
The Sydney Tools and Home Depot incidents highlight the ongoing risks of exposed databases and third-party vulnerabilities. Organizations must prioritize cybersecurity measures, conduct regular security audits, and respond swiftly to breach notifications to prevent unauthorized access to sensitive data.
With cybercrime evolving rapidly, data security cannot be an afterthought—it must be a top priority.