Hardware chain Total Tools, owned by Metcash, is reported to have suffered a major data leak that is believed to have impacted 38,000 customers covering information including their credit card numbers, email addresses and log-in details.

The leak is believed to have been perpetrated by professional cyber hackers, according to The Australian.

Total Tools has been working on the data leak for a number of days after it first discovered unusual and suspicious activity within its IT systems, and is still investigating the size and scope of the breach.

After an initial investigation by a specialist third-party forensic cyber specialist, the company is understood to have estimated that customer data linked to 38,000 of its shoppers were illegally compromised. Total Tools will soon contact its customers alerting them to the data breach.

The hardware chain is run by Richard Murray, the former chief executive of JB Hi-Fi. Metcash acquired a majority stake in Total Tools in 2020, and delivered significant sales growth, almost doubling turnover to $1.09 billion in 2023 from $585 million in the 2020 financial year.

Towards the end of last year, when the store network expanded to around 112 sites, with plans drawn up to add around 10 stores a year, Metcash took full control of Total Tools by spending $101.5 million to acquire the 15 per cent of the hardware chain it did not already own.

Metcash has alerted the government’s Australian Cyber Security Centre regarding the latest data leaks.

One of the biggest data leaks to have hit Australia recently was recorded back in 2022 when publicly-listed health insurer Medibank was the subject of a cyber attack saw the records of more than 10 million customers compromised. It cost Medibank more than $30 million and regulator APRA forced the insurer to set aside a capital adequacy requirement of $250 million after “weaknesses” were identified in its IT infrastructure.