Woolworths has warned customers that digital fraudsters may have stolen their loyalty points in a nationwide scam.
The Woolworths Rewards program allows customers who collect points to turn them into cash discounts or Quantas points.
Eligible stores include Woolworths supermarkets, BWS and BIG W.
Yesterday, a Woolworths spokesperson said scammers had redeemed points from about 130 Woolworths Rewards member accounts in the past few months.
They did this by fraudulently getting hold of valid login and password details, Woolworths said, not by breaching its security.
“Woolworths has investigated and found no evidence to suggest its systems have been breached or compromised,” the company said in a statement.
“In all cases, Rewards accounts have been accessed with valid login and password details, indicating fraudsters have obtained login credentials from online scams or other sources.
“Woolworths has taken the precautionary step of locking down hundreds of additional Rewards online accounts with suspicious point redemptions.”
The company has also tightened its account-management controls for the Rewards program.
It has done this through a range of measures. These include: enhancing its password security, emailing affected members with unique one-off codes to access their accounts, and sending out notifications of any preferences that have changed.
‘Remain ever vigilant’
The company says it has also contacted compromised Rewards members directly to help them safeguard their accounts and points.
Woolworths Director of Loyalty Ingrid Maes says the company takes its security responsibilities extremely seriously.
“That’s why we’ve put in place a range of new account security controls to help our members keep their accounts more secure,” she said.
“As always, we encourage our members to remain ever vigilant of online scammers. And to keep their accounts as secure as possible with strong and unique passwords.”
The supermarket has pledged to restore all the fraudulently redeemed points of any customers hit by the scammers.