Customers' personal and financial information stolen after attack on company's e-commerce platform

Synopsis

In June 2020, the company disclosed that attackers had stolen their customers' personal and financial information following a breach their e-commerce platform.

In the notification letter to customers the company explained that their Internet Service Provider (ISP) had "neglected to activate the anti-virus software" on the company's account. This statement about the ISP was met with confusion from commentators as it is not usually the ISP’s job to provide anti-malware software. Attackers placed a form on the company's website that was misleading and once customers were redirected to this form and entered their details, their personal and financial information was captured and stolen by those responsible for the attack.

Book a consultation

Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:

Companies

  • Fitness Depot

We've done the analysis so you can make the decisions

$489.99
When purchasing a minimum of 5 Case Studies
$699.99 if buying less than 5.

  • Detailed cause & effect analysis
  • Lessons learnt catalogued
  • Preventive controls extracted
Add to Cart
Heads up! Want to try before you buy? You can download our FREE demo case study here