Shoe shop Office has become the latest retailer to be hit by a data breach of customer records.
Although there is no mention of the data leak on the firm’s blog, Facebook account or Twitter feed, there is a statement hidden away on its website.
It has the following info:
“Unfortunately we have been the subject of a security breach resulting in unauthorised access to some Office.co.uk accounts. We can confirm that no credit card, debit card, PayPal or bank details were compromised in any way. Only accounts created prior to August 2013 have been affected, but the information does include name, address, phone number, email address and the password to your OFFICE account. We have contacted all affected customers directly via email.”
Office said it has now reset passwords to protect its customers’ accounts, however, users which shared the same password across multiple accounts should probably now set about changing those.
The firm didn’t specify whether the personal details nabbed in this attack were stored in encrypted format or not.
The shoe shop said it first became aware of a potential breach on March 22.
“After extensive investigations we were able to confirm this on May 26th 2014. We have acted as quickly as possible to inform customers,” it added.
Paul Martini, CEO at iboss Network Security, argued that Office has been poor at communicating the incident to its customers, despite emailing them details of the breach.
“There is no dress rehearsal for Office. Failure to communicate is failure to protect. Speed of information is everything when it comes to handling a hacking incident. Customers rarely read emails instantly, but they are on Twitter and Facebook throughout the day,” he said.
“The trend of organizations revealing that a hack has taken place in an email and delaying the education process, must come to an end. Organizations must communicate across every channel – the company website, Facebook, Twitter – or risk increasing the damage caused by the hack.”
Charles Sweeney, CEO of web filtering business Bloxx, added that this latest breach has highlighted once again the shortcomings of passwords as an authentication method.
“Yes, customers have to ensure that they take precautions with their passwords, but equally given how prevalent such hacks are becoming I think brands need to offer assurances about the measures they take to protect customer data,” he said.
“The success of ecommerce is based on consumers trusting the site that they are transacting with and companies are on the verge of that trust being eroded. Once it is gone it will be very hard to get back."
Office's data breach comes after disclosures in the past fortnight by eBay, Avast and Spotify.
Payment card data (55%) topped the list of what's most often compromised in hacking attacks, according to the Trustwave Global Security report last week.