In June 2020, the company disclosed that attackers had stolen their customers' personal and financial information following a breach their e-commerce platform.
In the notification letter to customers the company explained that their Internet Service Provider (ISP) had "neglected to activate the anti-virus software" on the company's account. This statement about the ISP was met with confusion from commentators as it is not usually the ISP’s job to provide anti-malware software. Attackers placed a form on the company's website that was misleading and once customers were redirected to this form and entered their details, their personal and financial information was captured and stolen by those responsible for the attack.
If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.