UK Clothing Retailer Breached, Tells Customers Not To Disclose It

Researcher Troy Hunt reports that UK retailer FatFace has been breached and, contrary to GDPR requirements, was slow to report it. Moreover, the company has advised both customers and employees that the stolen card data can’t be used illegally because only partial data was stolen. In an email sent to thousands of customers, it asked them to “keep this email and the information included within it strictly private and confidential.” Gurucul offers perspective.

Saryu Nayyar, CEO
InfoSec Expert
March 26, 2021 11:01 am

The breach of UK clothing retailer FatFace is interesting more for their response than the incident itself. While the data stolen was limited, it would still be useful to attackers. Their response to customers included an advisory to keep the incident in confidence. That is unusual and would seem to fly in the face of the UK’s data protection laws. While a business might suffer a hit to their reputation after a breach, it is guaranteed to suffer a greater hit if they try to conceal one. Customers and the general public appreciate transparency and it goes a long way to restoring trust after a cybersecurity incident.

Information Security Buzz