In June 2020, the company disclosed that attackers had stolen their customers' personal and financial information following a breach their e-commerce platform.
In the notification letter to customers the company explained that their Internet Service Provider (ISP) had "neglected to activate the anti-virus software" on the company's account. This statement about the ISP was met with confusion from commentators as it is not usually the ISP’s job to provide anti-malware software. Attackers placed a form on the company's website that was misleading and once customers were redirected to this form and entered their details, their personal and financial information was captured and stolen by those responsible for the attack.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions