It has been revealed by the specialist technology media (such as Computer Weekly) that a misconfigured cloud server at global cosmetics brand Avon was discovered leaking 19 million records. Among the data exposed was personal information and technical logs.
The loss of this type of data has also been reported by Avon via a notification sent to the US Securities and Exchange Commission (SEC).
In a statement the cosmetics firm said: “Avon … after suffering the cyber incident… is planning to restart some of its affected systems in the impacted markets throughout the course of next week. Avon is continuing the investigation to determine the extent of the incident, including potential compromised personal data. Nevertheless, at this point it does not anticipate that credit card details were likely affected, as its main e-commerce website does not store that information.”
The issue has been picked up on by Ed Macnair, CEO of Censornet. Macnair tells Digital Journal: “This is another example of a big name playing fast and loose with the sensitive data of their customers, and the scale of this leak is particularly embarrassing for Avon.”
Macnair adds, tellingly: “It is simply unacceptable that a database of this size was left exposed with no password protection or encryption.”
He adds that the type of data that has been exposed is potentially serious: “The leaked information provides hackers with everything they need to launch a multitude of sophisticated and targeted attacks. Besides the potential cyber security ramifications, as customers’ home addresses have been exposed, their physical safety could also be at risk.”
Macnair adds that there are lessons for many businesses, following this event, stating: “As these leaks continue to take place, the onus is on businesses of all sizes to ensure that they have visibility and control over the data of their customers. It’s crucial that organisations adopt a multi-layered approach to security and implement the appropriate technologies correctly to keep these databases secure.”
