Retail giant discloses data breach two months too late (Includes interview)

The customer and employee information stolen includes names, addresses, national insurance details, banking references, and the last four digits of credit cards and store cards, according to TechCrunch. The company initially discovered the breach on January 17, 2021. However, it only elected to notify customers and employees two months later. Its reason? The company claimed it was investigating the matter. This may have been the case, but under U.K. data protection laws, a company must disclose a data breach within 72 hours of becoming aware of an incident.

Additionally, FatFace requested the email it sent out be kept private and confidential. This did not last for long and the breach was made public after a former employee reported it.

FatFace has also paid a $2 million (about £1.5 million) ransom to the Conti ransomware gang, following a successful ransomware attack earlier this year.

Looking at the issue for Digital Journal is Anurag Kahol, CTO and Cofounder of Bitglass.

Kahol begins by looking at the reporting delay, noting: “It’s concerning that it took the company over two months to disclose this data breach. The personally identifiable information and financial details stolen in this incident put those affected at greater risk of financial fraud and identity theft. Organizations that suffer from a breach should take responsibility and disclose its full impact as soon as practicable.”

Kahol goes on to look at the security weaknesses: “While maintaining compliance with privacy regulations should always be a top priority, this incident also highlights the inadequacy of reactive approaches to cybersecurity. To prevent unauthorized access, organizations need to adopt flexible security platforms that provide a wealth of capabilities which proactively detect and respond to threats as they arise. For example, implementing capabilities such as step-up multi-factor authentication, data loss prevention, and user and entity behavior analytics can give organizations much needed control over access to their data. In today’s frenetic world, real-time protections are absolutely necessary.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.
