Back to Advanced persistent threat (APT)

Advanced persistent threat (APT)

700,000 customers of UK online shopping brands impacted by data leak

In July 2018, white hat hacker Taylor Ralston discovered a data leak involving Fashion Nexus, a UK-based e-commerce and web design company. This data leak, first reported by security researcher Graham Clueley,  exposed the personal data of around 700,000 UK shoppers.

What did the leak entail?

Fashion Nexus has built online stores for a number of famous brands, including AX Paris, Elle Belle Attire, and Traffic People. Ralston was able to access Fashion Nexus' server that stores the personal data of customers who shopped at these websites.

This leak exposed UK shoppers' personally identifiable information, including their names, phone numbers, email addresses, and MD5-hashed passwords. Though the exposed customer records contain personally identifiable information, they do not contain any payment card information or bank account details. This data leak is especially worrying because there's no way of confirming whether or not this data has fallen into the wrong hands.

What does this leak mean under the General Data Protection Regulation (GDPR)?

Occuring just a couple months after the GDPR came into effect, this data leak is a definite act of non-compliance. While the exposed data belongs to the online retailers' customers, it was still Fashion Nexus' job to securely process this data. Whether or not Fashion Nexus will face fines is still up for debate.

How ManageEngine can help

ManageEngine EventLog Analyzer helps you audit access to the confidential data stored in your databases, monitor user activity within databases, and secure databases by monitoring them for common attack patterns. It also provides real-time alerts about data leaks and unauthorized access to network resources. With these features and more, EventLog Analyzer helps you comply with the GDPR, and pass other popular compliance audits easily.

Start your free trial of EventLog Analyzer today.

Share:

Latest DoS and DDoS attacks

Latest Brute force attack

Latest Crypto ransomware

Latest Advanced persistent threat (APT)

Compliance violation

Stay In The Know

Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.

Please enter a business email id
 

By clicking 'I’m interested', you agree to processing of personal data according to the Privacy Policy

+

Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
  •  
  •  
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.