UK Clothing Retailer Breached, Tells Customers Not To Disclose It

Researcher Troy Hunt is sharing that UK retailer FatFace has been breached, and contrary to GDPR requirements, was slow to report it. Moreover, it has advised both customers and employees that stolen card data can’t be used illegally because there was only partial data stolen. In an email sent to thousands of customers, they requested customers “keep this email and the information included within it strictly private and confidential.” Gurucul offers perspective.

Experts Comments

March 26, 2021
Saryu Nayyar
CEO
Gurucul

The breach of UK clothing retailer FatFace is interesting more for their response than the incident itself. While the data stolen was limited, it would still be useful to attackers. Their response to customers included an advisory to keep the incident in confidence. That is unusual and would seem to fly in the face of the UK's data protection laws. While a business might suffer a hit to their reputation after a breach, it is guaranteed to suffer a greater hit if they try to conceal one.

.....Read More

The breach of UK clothing retailer FatFace is interesting more for their response than the incident itself. While the data stolen was limited, it would still be useful to attackers. Their response to customers included an advisory to keep the incident in confidence. That is unusual and would seem to fly in the face of the UK's data protection laws. While a business might suffer a hit to their reputation after a breach, it is guaranteed to suffer a greater hit if they try to conceal one. Customers and the general public appreciate transparency and it goes a long way to restoring trust after a cybersecurity incident.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.