Thermomix Recipe Community Data Breach – What You Need to Know

Episode Transcript

Welcome to Don’t Be A Sitting Duck, the podcast that helps you stay ahead of cyber threats and avoid becoming the next victim of online scams. I’m Leigh Kefford, and today we’re talking about a fresh data breach—this time, affecting Thermomix’s Recipe Community forum in Australia and New Zealand.

If you’ve received an email from Vorwerk about this, don’t panic—but don’t ignore it either. Today, we’re breaking down what happened, what data was exposed, and most importantly, what you need to do right now to protect yourself. Let’s dive in.

What Happened?

Vorwerk, the company behind Thermomix and its Recipe Community forum, has confirmed a security breach that exposed user data.

Between January 30th and February 3rd, 2025, cybercriminals gained unauthorized access to a secondary server at one of their external service providers. This breach affected users in Australia, New Zealand, and several European countries.

Here’s the key information Vorwerk has shared:

  • No passwords or financial data were compromised.
  • No internal systems, including Cookidoo and TheMix Shop, were accessed.
  • The breach was isolated to the Recipe Community forum.
  • The vulnerability has been fixed, and the affected server has been shut down.

What Data Was Stolen?

While your passwords weren’t exposed, your personal details were. The stolen data includes:

✅ Your name
✅ Your address
✅ Your birthday
✅ Your phone number
✅ Your email address
✅ Your Thermomix preferences

This may not seem like much on its own, but cybercriminals can use this information to launch highly targeted phishing attacks, impersonation scams, and even identity theft.

What You Need to Do Right Now

If you were affected by this breach, here’s what you should do immediately:

🔹 Be on high alert for phishing scams. Scammers now have your name, email, and phone number, which means you may receive emails or calls pretending to be from Vorwerk, your bank, or other trusted services. Don’t click on suspicious links, and never share more personal information over email or phone.

🔹 Secure your accounts. Even though passwords weren’t leaked, it’s a good reminder to enable Multi-Factor Authentication (MFA) wherever possible. If you use the same email for other accounts, consider updating those passwords to something strong and unique.

🔹 Check your credit file. Cybercriminals sometimes use stolen details for identity fraud. Consider placing a fraud alert on your credit file to prevent unauthorized applications.

🔹 Monitor your online activity. Keep an eye on your emails, phone calls, and bank accounts for anything suspicious. If something seems off, act fast.

🔹 Use IDCARE for support. Vorwerk has partnered with IDCARE, Australia’s national cyber support service, to help affected users. Their services are free, and you can reach them at:

  • www.idcare.org
  • 1800 595 160 (Australia)
  • 0800 121 068 (New Zealand)
  • Use the referral code VRWKA25 when you contact them.

🔹 Report concerns to authorities. If you believe your data is being misused, you can contact:

  • The Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au
  • IDCARE for personalized advice on securing your identity.

Why This Matters

This is yet another reminder that data breaches don’t just happen to big corporations—they happen to everyday platforms that we trust. And even though passwords weren’t stolen, the information that was leaked is still valuable to cybercriminals.

The key takeaway? Stay alert. If an email, call, or text seems suspicious, verify it before acting. Cybercriminals rely on people letting their guard down—don’t give them that chance.

I’ll be following this story, and if there are any major updates, I’ll be sure to cover them in a future episode.

Final Thoughts

Thanks for tuning into Don’t Be A Sitting Duck! If you found this episode helpful, share it with your friends, family, or colleagues—especially if they use the Recipe Community forum.

If today’s discussion has you thinking about your own business security, here’s what to do next:

📌 Book your free Empower Systems Assessment at nationalpc.com.au—it’s the easiest way to understand where your business is vulnerable and how to fix it.

📌 Check out my audiobook, Sitting Duck – The Phone Call You Don’t Want to Receive. It’s a short but powerful listen about how a Business Email Compromise attack unfolds and the real-world impact it has on businesses. Available now on Spotify and leading audiobook platforms.

Until then, stay safe, stay aware, and remember—don’t be a sitting duck for cybercrime.
