Shopify data breach hits Kylie Jenner make-up firm

Customers of Kylie Jenner’s make-up company have been warned that their personal data could have been compromised following a data breach at ecommerce platform Shopify. 



null


© Provided by TechRadar
null

Blame for the event has been laid at a pair of ‘rogue’ Shopify staff members, who allegedly stole order records from Kylie Cosmetics. The theft is estimated to have targeted at least 100 sellers operating on the Shopify platform.

According to the Canadian e-commerce company, the issue occurred on September 23 and could have exposed the names of customers along with email and postal addresses. Shopify has also identified some customer credit card data as being at risk too, with the last four digits of cards potentially being exposed. However, it claims full payment details were not compromised following the breach.

Kylie Cosmetics has since launched an investigation into the security issue and said it is working with Shopify to identify any transactions that may have been affected. The company added that it would be getting in contact with any of its customers who might have had their personal information compromised. Shopify is also working with the FBI and other agencies investigating the matter.

Data breach

Kylie Cosmetics has since launched an investigation into the security issue and said it is working with Shopify to identify any transactions that may have been affected. 

The company added that it would be getting in contact with any of its customers who might have had their personal information compromised. Shopify is also working with the FBI and other agencies investigating the matter.

“Insider threat is a very real issue that gets little attention,” noted Lamar Bailey, senior director of security at Tripwire. “Support engineers are often an entry-level job so it is easier for someone to infiltrate the organization at this level. A bad actor looking to gain company data can easily use a fake identity to secure a job then use this position as a launching point for gathering data to sell on the black market.

“It is imperative that organizations have security controls in place for users, access, and file monitoring to look for employees accessing systems, code, or data they do not need access to. A stance of least privilege for everyone is the best policy. With the current industry skills gap, organizations may not be as diligent validating the background of new employees.”

Source Article

Next Post

The rise of clothing resale platforms may come at the cost of low-income buyers

Sun Oct 4 , 2020
After spending hours standing, sifting and sorting through endless racks of garments, there is no better feeling than finding that perfectly worn pair of “vintage” jeans or a faded oversized T-shirt from an iconic band. Especially when working around a budget, that feeling only intensifies when a brief glance at […]