cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

T2 scalded by alleged data breach affecting more than 80k customers

The Australian branch of the popular specialty tea retailer has been allegedly caught up in a data breach impacting customers in the European Union, North America, and New Zealand.

user icon David Hollingworth
Thu, 18 Apr 2024
T2 scalded by alleged data breach affecting more than 80k customers
expand image

Members of a popular clear web hacking forum are crowing over a data breach that appears to impact tens of thousands of T2 customers.

A user by the name of “emo” has claimed to have a selection of sales documents belonging to the specialty tea retailer, in particular sales data from T2’s global operations that – according to emo – includes more than 80,000 emails.

“Credit to doubl for this breach,” emo said in the 17 April post, presumably alluding to the hacker who actually stole the data.


The post claims that the data includes 85,981 “unique emails” and is alleged to have occurred in April 2024. The post said the fields include “emails, names, phone numbers, date of birth, genders, and passwords stored using Scrypt”.

Scrypt is a “key derivation function” designed in 2009 to make brute-force attempts to get around password encryption much harder to achieve.

Also included in the post is a sample of the data, which appears to be an entry for a single Australian customer. The data appears to be legitimate, as do the other files.

However, while the poster claims the hack is recent, most of the files date back to 2021. That said, the data includes several very large .XML files relating to in-progress orders, customer exports, customer wishlists, inventory details, and pricing books. Some of the documents even include messages to be included with products bought as gifts.

The original forum post does not mention credit card data, but one of the responses suggests there may be some for those who care to sift through it all.

“Also contains partial CC data, payment methods, physical addresses and orders,” replied another forum user. “Thanks for this leak!”

The data is currently circulating for free.

Cyber Daily has reached out to T2 Australia for comment.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.