Shoe Retailer Office left exposed after customer records hacked
Burnetts' Information Law solicitor Natalie Ruane discusses a case involving exposed customer records in a retail outlet.
The Information Commissioner’s Office has issued a warning to shoe retailer Office after the personal data of over one million customers was hacked. The hacker managed to gain potential access to customer’s contact details and website passwords via an unencrypted database that was due to be deleted. The hacker bypassed other technical measures the company had put in place and the incident went undetected. Office has signed an undertaking committing to address issues of data protection.
This breach highlights two important areas of data protection:
- the unnecessary storage of older personal data, and
- the lack of security to protect data.
Even data that is in the process of being deleted is vulnerable. It also highlights the need and purpose for retaining personal data to ensure that information is not kept for longer than is required. An assessment of the data that is held by any organisation should be undertaken regularly.
This particular data breach also highlighted the increased risk when customers use the same password for all their accounts.
About the author
Natalie is a Partner and leads the Employment Law & HR team and specialises in education.
Published: Friday 30th January 2015
Categorised: Information Law