Researcher Troy Hunt reports that UK retailer FatFace has been breached and, contrary to GDPR requirements, was slow to report it. Moreover, the company has advised both customers and employees that the stolen card data can’t be used illegally because only partial data was stolen. In an email sent to thousands of customers, it asked them to “keep this email and the information included within it strictly private and confidential.” Gurucul offers perspective.
Data breach at @FatFace. It feels a bit… misleading:
“Our systems are fully secure and FatFace remains a safe place to shop online or in person” – except for the data breach they just had! pic.twitter.com/3SjHmwwh7P
— Troy Hunt (@troyhunt) March 23, 2021
The breach of UK clothing retailer FatFace is interesting more for their response than the incident itself. While the data stolen was limited, it would still be useful to attackers. Their response to customers included an advisory to keep the incident in confidence. That is unusual and would seem to fly in the face of the UK’s data protection laws. While a business might suffer a hit to their reputation after a breach, it is guaranteed to suffer a greater hit if they try to conceal one. Customers and the general public appreciate transparency and it goes a long way to restoring trust after a cybersecurity incident.