Shoe retailer Office has been given the slipper by the data regulator after the personal data of over one million customers was left exposed in a hack attack.
The hacker gained potential access to customers’ contact details and website passwords via an unencrypted database that was due to be decommissioned. The hacker bypassed other technical measures the company had put in place, and the incident went undetected.
The Information Commissioner’s Office has forced the company – which has 105 high street stores and nearly 50 concessions, as well as an online operation – to sign an undertaking to ensure it tightens up its data security.
The ICO warned the breach exposed two hugely important areas of data protection: the unnecessary storage of older personal data and the lack of security to protect data.
ICO group manager Sally-Anne Poole said: “All data is vulnerable even when in the process of being deleted, and Office should have had stringent measures in place regardless of the server or system used. The need and purpose for retaining personal data should also be assessed regularly, to ensure the information is not being kept for longer than required.
“Fortunately, in this case there is no evidence to suggest that the information has been used any further and the company did not store any bank details.”
The data breach, dating back to May last year, also highlighted the risks associated with customers using the same password for all their online accounts.
Poole added: “This one incident could potentially have given the hacker access to numerous accounts that the clients held with other organisations, as passwords were included on the database in question. It’s important to use a unique, strong password for each separate account; preferably a combination of numbers and letters – not a name or dictionary word.”
The company has committed to addressing the data protection issues and has already decommissioned the servers in question and implemented a new hosting infrastructure.