Babycare retailer Kiddicare has announced that a major data breach has occurred at the company and that over 794,000 customer records have been stolen and compromised.
Kiddicare is a UK-based baby products brand which sells its products online and through its store located in Peterborough.
Surprisingly, the first time the company heard of this data breach was when customers complained that they were receiving suspicious messages that didn’t seem to be from Kiddicare.
An internal investigation was carried out, but it found no security issues at all. An independent security company later performed the same analysis and notified Kiddicare that its test website, which had been in use in 2015, had been compromised and that there had been a big data breach. Further internal investigation confirmed that this was true and that a lot of customer details had been breached.
Kiddicare has announced that there is no reason to believe that account passwords were compromised as well. However, the company has emailed all the affected customers to let them know that their names, telephone numbers and addresses have been compromised.
The company also stressed that no payment details have been stolen. However, if the hackers have other details, they could have tricked customers into logging in to phishing websites to obtain payment information.
Kiddicare released a statement regarding this issue and said, “We are very sorry for the potential stress and anxiety this incident may have caused our customers. We want to reassure everyone that the problem has been fixed, increased security measures have been implemented and we have a dedicated team to help with any further concerns.”
Graham Cluley, an independent security researcher, wrote in a blog post about this data breach and said, “In principle, there’s nothing really wrong with using real production data on a test environment if the test site is properly secured and does not make it easier for hackers to steal information than, say, on the normal, live servers. But it shouldn’t be forgotten that this was a test site, and things are expected to go wrong.
“Unfortunately, time and time again it’s seen that companies can be sloppier about the security of their test sites than their official sites – opening opportunities for data thieves and hackers. For that reason it’s usually much safer to generate fake data for testing purposes – just in case.”
Because of this breach, Kiddicare has reported itself to the UK’s Information Commissioner’s Office (ICO). Any further investigation will now be taken up by the ICO.
The latest security breach clearly shows how important it is to prioritize security, since at the end of the day, it’s the customers who suffer the most.