Customers' personal and financial information stolen after attack on company's e-commerce platform

Synopsis

In June 2020, the company disclosed that attackers had stolen their customers' personal and financial information following a breach their e-commerce platform.

In the notification letter to customers the company explained that their Internet Service Provider (ISP) had "neglected to activate the anti-virus software" on the company's account. This statement about the ISP was met with confusion from commentators as it is not usually the ISP’s job to provide anti-malware software. Attackers placed a form on the company's website that was misleading and once customers were redirected to this form and entered their details, their personal and financial information was captured and stolen by those responsible for the attack.

Speak to the analyst

Want to discuss this case? We're offering a FREE 20 minute phone consultation to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:

Analyst

Courtenay Brammar

Experienced global enterprise risk and governance professional. Previously Vice President at Morgan Stanley, Deloitte Risk Advisory practitioner and PRMIA steering committee member in both London and New York.

Additional services

We offer a range of cost-effective, fixed-price training programmes and consultant services derived from the unique insights gained from all our case study data.

If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.