Top home hardware firm data leak could see millions of customers affected

• Cybernews found a major database belonging to Sydney Tools left unsecured online
• It exposed employee and customer data
• As many as 34 million orders could be exposed

Millions of Australians (and possibly others) may have had their sensitive information exposed on the internet due to a leak from a major retailer.

Researchers from Cybernews uncovered a huge exposed Clickhouse database belonging to Sydney Tools, an Australian retailer specializing in power tools, hand tools, and industrial equipment for tradespeople and DIY enthusiasts.

The database reportedly contains entries belonging to both Sydney Tools employees (current and former), and customers.

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)

View Deal

Millions of customers

For employees, there are more than 5,000 entries containing full names, branches of employment, salaries, and sales targets. Since Sydney Tools apparently has around 1,000 employees, it’s safe to assume that the majority of entries in this category fall on former employees.

While payment or banking information was not exposed here, there are still plenty of “ingredients” for a dangerous phishing, or identity theft cocktail .

Employees aside, the leaked database also spilled more than 34 million online purchase records.

These contained people’s names, email addresses, home addresses, phone numbers, and ordered items, which makes this part of the leak objectively worse.

“The leaked data is sensitive as it included extensive personally identifiable information in large volumes, as well as sensitive information regarding which customers purchased expensive items, and the salaries of their employees,” the researchers said.

The Cybernews report was published in late March, 2025 and said that, at press time, the archive was still exposed on the internet and leaking data. The researchers said they tried to get in touch with Sydney Tools to get them to close the archive, but were unsuccessful.

Unprotected databases remain one of the biggest causes of data leaks today.

Sydney Tools offers a wide range of products from major brands, including tools for construction, automotive, and woodworking applications. The company operates both online and through physical stores across Australia.

You might also like

• Cl0p resurgence drives ransomware attacks to new highs in 2025
• We've rounded up the best password managers
• Take a look at our guide to the best authenticator app