Footwear Retailer Escapes Fine For Customer Data Breach

The Information Commissioner’s Office (ICO) has warned shoe retailer Office over its failure to protect customer data in a hack discovered last May, but stopped short of fining the company.

Office said at the time that no payment data had been compromised, but names, addresses, phone numbers, email addresses and passwords for the Office website may have been accessed on an unencrypted database that was due to be decommissioned.

Notably, that meant the attacker could have accessed Office customers' accounts on other websites where they had reused the same username and password, although there was “no evidence” to suggest that the customer information had been used any further, ICO group manager Sally-Anne Poole said in a statement.

“The breach has highlighted two hugely important areas of data protection: the unnecessary storage of older personal data and the lack of security to protect data,” Poole stated.

Office has signed an undertaking to resolve these issues, and agreed to conduct regular penetration testing of its systems in the future, the ICO said. The company has decommissioned the servers in question and implemented a new hosting infrastructure.

Migration procedures

“Office has explained that removing the historic customer data from the database before migration to the new system was believed to add complexity and a material risk of data mismatches, operation downtime and customer disruption, so as to put the project at risk,” the ICO said in its report into the breach. “However, Office has since accepted that in hindsight, the risks of removing these details before migration were less than originally thought.”

The retailer got off lightly in this case, according to security researcher Graham Cluley.

“It’s a lucky escape for Office, which hardly showered itself in glory by failing to bother mentioning the hack to customers via its website front page,” he said in an advisory.

Matthew Broersma

Matt Broersma is a long-standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications.
