Australia’s Woolworths suffered a major data breach after hackers stole personal data of 2.2 million users from its MyDeal website

Australia’s Woolworths Group announced Friday that the data of 2.2 million customers of a website it owns has been exposed. The company said its majority-owned online retailer owned, MyDeal, “identified that a compromised user credential was used to gain unauthorized access to its CRM system resulting in the exposure of some customer data.”

As part of the breach, an estimated 2.1 million of MyDeal’s customers had their personal identification information stolen, including 150,000 passports and 50,000 Medicare numbers, according to a report from 9 News Australia. An Australian government watchdog has since launched an investigation into the cause of the attack.

In a statement, Woolworths said: “MyDeal does not store payment, driver’s license or passport details and no customer account passwords or payment details have been compromised in this breach.” The company added that the Mydeal.com.au website and app had not been impacted.

The announcement comes less than a month after Australia’s second-largest mobile phone operator Optus suffered a major breach that compromised the data of up to 10 million customers. Optus, which is owned by Singapore Telecommunications Ltd, Optus said that hackers stole the personal details of up to 10 million customers in a “sophisticated” hack, but added no corporate clients were compromised.

MyDeal, owned 80% by Woolworths, said it was contacting the estimated 2.2 million affected customers and working with authorities to investigate the incident.

The number of data breach incidents has increased in recent years. In September, Rockstar’s parent company Take-Two Interactive Software was hacked, as hackers targeted 2K Games Support urging users to download malware. Take-Two said that a hacker had gained access to the help desk platform of its unit 2K Games and sent a malicious link to certain customers.

The cost of a data breach continues to skyrocket. According to a recent IBM study conducted by the Ponemon Institute, data breaches cost American companies on average more than $8 million per incident, with big breaches (more than 50 million records) costing $388 million.

Many of the biggest breaches are the result of a shift in how the increasingly digitized economy operates. As companies have embraced the cloud, data is no longer stored in electronic fortresses. As we reported a year ago, most cloud-related data breaches were caused by cloud misconfigurations, which now cost enterprises nearly $5 trillion.