Woolworths knew that when it bought MyDeal that the website had major cybersecurity flaws, which were borne out during last week’s hack.

Woolworths notified MyDeal’s 2.2 million Australian users on Friday their personal data had been ‘comprised’ during the hack.

While roughly half of these users had only their email addresses exposed, others also had names, phone numbers, delivery addresses, and birthdays.

Now, Woolworths chief security officer Pieter van der Merwe told The Australian Financial Review the retail giant was aware when it bought the business in May that cybersecurity needed to be improved.

“This due diligence is undertaken by our internal IT experts in conjunction with our external advisers,” he said of the discovery, prior to making the deal.

“With MyDeal, we identified areas for investment in the IT space during due diligence and the MyDeal team had started implementing these.

“Our IT due diligence work focuses on the operational resilience of the business’ technology environment, which typically includes elements of operations stability, disaster recovery, development practices, and cybersecurity.”

Van der Merwe also confirmed that Woolworths had “doubled its cybersecurity team” and investment in cybersecurity over the past three years.